Scams, Hacks & Breaches | August 30, 2024

Scammers Draining Cash Directly From ATMs, Emptying Bank Accounts Without Debit Cards in Sophisticated Scheme: Cybersecurity Researchers

By Mark Emem

Cybersecurity researchers say scammers have found a sophisticated way to drain bank accounts directly from ATMs – without needing a debit card in hand.

Experts at the cybersecurity software firm ESET say they’ve discovered a dangerous and unprecedented type of malware they’re calling NGate.

To begin the attack, scammers deploy a phishing technique to embed the malicious software in victims’ mobile devices.

“Victims downloaded and installed the malware after being deceived into thinking they were communicating with their bank and that their device was compromised. In reality, the victims had unknowingly compromised their own Android devices by previously downloading and installing an app from a link in a deceptive SMS message about a potential tax return…

After being installed and opened, NGate displays a fake website that asks for the user’s banking information, which is then sent to the attacker’s server.”

Some of the information the NGate banking malware asks for includes the victim’s date of birth, their banking client ID and the PIN code for their banking card.

Once installed and opened, the NGate malware prompts victims to turn on their mobile device’s near-field communication (NFC) feature.

“Then, victims are instructed to place their payment card at the back of their smartphone until the malicious app recognizes the card.

What’s happening behind the scenes is that the NFC data from the victim’s bank card is being sent through a server to the attacker’s Android device. Essentially, this allows the attacker to mimic the victim’s bank card on their own device. This means the attacker can now use this copied card data on their Android device to make payments and withdraw money from ATMs that use NFC…

This is the first time we have seen Android malware with this capability being used in the wild.”

If the attackers fail to carry out ATM transactions, their fallback plan is to transfer funds from the bank accounts of their victims to other accounts.

So far, researchers say the scammers appear to have targeted banks in the Czech Republic.

“During our investigation, we identified six different NGate apps specifically targeting clients of three banks in Czechia between November 2023 and March 2024.

In a substantial breakthrough, the Czech police apprehended a 22-year-old, who had been stealing money from ATMs in Prague. Upon arrest, the suspect had 160,000 Czech korunas in his possession, an amount equivalent to over 6,000 euros (approximately US$6,500). The nationality of the arrested individual has not been disclosed. According to the Czech police, the money recovered from the suspect was stolen from just the last three victims, so it is likely that the total amount stolen by the threat actor behind this scheme is considerably higher.”
