NGate Android Brazil fake-app and fake-lottery campaign
Campaign
Summary
Hide ▲
Show ▼
A NGate campaign has been active since November 2025, targeting primarily Android devices in Brazil and using fake-app and fake-lottery lures to spread a malicious payments app. The operation matters because it is built to collect NFC payment data and card credentials from a broad consumer cohort rather than from a single victim.
Related Happenings
NFCShare Android malware spreads via fake banking-app updates
Malware Activity
H score21
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare Android malware spreads via fake banking-app updates
Malware ActivityAbout this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare fake banking-app update phishing campaign
Campaign
H score40
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
NFCShare fake banking-app update phishing campaign
CampaignAbout this happening: The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
Magecart Stripe and Google Tag Manager card-skimming campaign
Campaign
H score36
First: 04.06.2026 23:47
Last: 04.06.2026 23:47
Sources 1
About this happening:
The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...
Magecart Stripe and Google Tag Manager card-skimming campaign
CampaignAbout this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/Service
H score20
First: 03.06.2026 12:02
Last: 03.06.2026 12:02
Sources 1
About this happening:
**Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/ServiceAbout this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Premium Deception Android malware campaign
Campaign
H score38
First: 20.05.2026 18:30
Last: 20.05.2026 18:30
Sources 1
About this happening:
The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
Premium Deception Android malware campaign
CampaignAbout this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
Timeline
-
21.04.2026 12:00 2 articles · 2mo ago
ESET reports NGate hiding in trojanized HandyPay
Initial DisclosureESET reports a new NGate variant targeting Android users in Brazil by hiding inside a trojanized HandyPay NFC payments app. The campaign uses fake app and fake lottery/WhatsApp lures to collect card PINs and NFC payment data, and the research notes that the malware has been active since November 2025 while recommending Google Play, NFC disabling when unused, and Play Protect for defense.
Show sources
- NGate Android malware uses HandyPay NFC app to steal card data — www.bleepingcomputer.com — 21.04.2026 12:00
- Trojanized Android App Fuels New Wave of NFC Fraud — www.infosecurity-magazine.com — 21.04.2026 19:00