NGate / NFSkate NFC relay campaign targeting Polish bank users
Campaign
Summary
The NGate / NFSkate campaign is using phishing emails or SMS to trick users of Polish banks into installing Android malware that relays NFC traffic and enables unauthorized ATM cash withdrawals. Victims are told to verify a payment card inside the app, which turns their own phone into a relay for card data. The operation matters because it combines social engineering and NFC abuse to steal cash without physically taking the card.
Related Happenings
NFCShare Android malware spreads via fake banking-app updates
Malware Activity
H score: 21
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources: 1
About this happening:
The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare fake banking-app update phishing campaign
Campaign
H score: 40
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources: 1
About this happening:
The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
TrickMo Android banking trojan variant with TON C2 and network pivots
Malware Activity
H score: 26
First: 12.05.2026 15:50
Last: 12.05.2026 15:50
Sources: 1
About this happening:
A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...
NGate Android Brazil fake-app and fake-lottery campaign
Campaign
H score: 37
First: 21.04.2026 12:00
Last: 21.04.2026 12:00
Sources: 1
About this happening:
An **NGate** campaign has been active since **November 2025**, targeting primarily **Android devices in Brazil** and using **fake-app** and **fake-lottery** lures to spread a malic...
NGate malware trojanized HandyPay NFC-stealing variant
Malware Activity
H score: 34
First: 21.04.2026 12:00
Last: 21.04.2026 12:00
Sources: 1
About this happening:
A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...
Timeline
- 11.11.2025 13:44 · 2 articles · 7mo ago
CERT Polska warns on NGate NFC relay attacks targeting Polish bank users
Initial Disclosure: CERT Polska warns that NGate (aka NFSkate) targets users of Polish banks with Android malware delivered through phishing emails or SMS messages that impersonate banks, prompt victims to verify a payment card by tapping it on the back of an Android device, and silently capture NFC traffic for attacker-controlled relay to enable unauthorized cash withdrawals at ATMs.
- Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers — thehackernews.com — 11.11.2025 13:44