Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

NGate Android Brazil fake-app and fake-lottery campaign

Campaign
First reported
Last updated
Happening score
H score 40
2 unique sources, 2 articles

Summary

Hide ▲

A NGate campaign has been active since November 2025, targeting primarily Android devices in Brazil and using fake-app and fake-lottery lures to spread a malicious payments app. The operation matters because it is built to collect NFC payment data and card credentials from a broad consumer cohort rather than from a single victim.

Related Happenings

Premium Deception Android malware campaign

Campaign
First: 20.05.2026 18:30 Last: 20.05.2026 18:30 Sources 1

About this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...

Open Happening

Android 17 expands platform security and privacy protections

Security Tool/Service
First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

Open Happening

CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific

Campaign
First: 08.05.2026 18:08 Last: 08.05.2026 18:08 Sources 1

About this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...

Open Happening

NGate malware trojanized HandyPay NFC-stealing variant

Malware Activity
First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

How related: A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool.

About this happening: A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...

Open Happening

FakeWallet crypto wallet phishing campaign targeting users in China

Campaign
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...

Latest development: 24.04.2026 14:48

Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.

Open Happening

Timeline

  1. 21.04.2026 12:00 2 articles · 1mo ago

    ESET reports NGate hiding in trojanized HandyPay

    Initial Disclosure

    ESET reports a new NGate variant targeting Android users in Brazil by hiding inside a trojanized HandyPay NFC payments app. The campaign uses fake app and fake lottery/WhatsApp lures to collect card PINs and NFC payment data, and the research notes that the malware has been active since November 2025 while recommending Google Play, NFC disabling when unused, and Play Protect for defense.

    Show sources
    Open in new tab