NGate NFC malware targets Android users through trojanized payment app (opens in new tab)

NFC-based payment fraud is expanding geographically and operationally. A campaign active since November 2025 is targeting Android users in Brazil using a new variant of the NGate malware family, this time embedded in a trojanized version of HandyPay, a legitimate NFC relay application available on Google Play since 2021. ESET Research identified the campaign and attributed two separate NGate samples to the same threat actor. Both samples are distributed from the same domain and use … More → T...