Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

NGate / NFSkate NFC relay campaign targeting Polish bank users

Campaign
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

The NGate / NFSkate campaign is using phishing emails or SMS to trick users of Polish banks into installing Android malware that relays NFC traffic and enables unauthorized ATM cash withdrawals. Victims are told to verify a payment card inside the app, which turns their own phone into a relay for card data. The operation matters because it combines social engineering and NFC abuse to steal cash without physically taking the card.

Related Happenings

TrickMo Android banking trojan variant with TON C2 and network pivots

Malware Activity
First: 12.05.2026 15:50 Last: 12.05.2026 15:50 Sources 1

About this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...

Open Happening

NGate Android Brazil fake-app and fake-lottery campaign

Campaign
First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **NGate** campaign has been active since **November 2025**, targeting primarily **Android devices in Brazil** and using **fake-app** and **fake-lottery** lures to spread a malic...

Open Happening

NGate malware trojanized HandyPay NFC-stealing variant

Malware Activity
First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...

Open Happening

FakeWallet Apple App Store wallet-stealing apps

Malware Activity
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...

Open Happening

IPTV app lure campaign distributing Massiv Android banking malware

Campaign
First: 19.03.2026 12:13 Last: 19.03.2026 12:13 Sources 1

About this happening: A **recent IPTV app lure campaign** is distributing **Massiv Android banking malware**, putting users who seek **free or low-cost live sports broadcasts** at risk of device compro...

Open Happening

Timeline

  1. 11.11.2025 13:44 2 articles · 6mo ago

    CERT Polska warns on NGate NFC relay attacks targeting Polish bank users

    Initial Disclosure

    CERT Polska warns that NGate (aka NFSkate) targets users of Polish banks with Android malware delivered through phishing emails or SMS messages that impersonate banks, prompt victims to verify a payment card by tapping it on the back of an Android device, and silently capture NFC traffic for attacker-controlled relay to enable unauthorized cash withdrawals at ATMs.

    Show sources
    Open in new tab