Find notable cyber news and cases, enriched with sources, timelines, and signals.

NGate Android Brazil fake-app and fake-lottery campaign

Campaign
First reported
Last updated
Happening score
H score 37
2 unique sources, 2 articles

Summary

Hide ▲

A NGate campaign has been active since November 2025, targeting primarily Android devices in Brazil and using fake-app and fake-lottery lures to spread a malicious payments app. The operation matters because it is built to collect NFC payment data and card credentials from a broad consumer cohort rather than from a single victim.

Related Happenings

NFCShare Android malware spreads via fake banking-app updates

Malware Activity
H score21 First: 09.06.2026 01:11 Last: 09.06.2026 01:11 Sources 1

About this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...

NFCShare fake banking-app update phishing campaign

Campaign
H score40 First: 09.06.2026 01:11 Last: 09.06.2026 01:11 Sources 1

About this happening: The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...

Magecart Stripe and Google Tag Manager card-skimming campaign

Campaign
H score36 First: 04.06.2026 23:47 Last: 04.06.2026 23:47 Sources 1

About this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...

Google rolls out Android fake call detection against AI impersonation scam calls

Security Tool/Service
H score20 First: 03.06.2026 12:02 Last: 03.06.2026 12:02 Sources 1

About this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...

Premium Deception Android malware campaign

Campaign
H score38 First: 20.05.2026 18:30 Last: 20.05.2026 18:30 Sources 1

About this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...

Timeline

  1. 21.04.2026 12:00 2 articles · 2mo ago

    ESET reports NGate hiding in trojanized HandyPay

    Initial Disclosure

    ESET reports a new NGate variant targeting Android users in Brazil by hiding inside a trojanized HandyPay NFC payments app. The campaign uses fake app and fake lottery/WhatsApp lures to collect card PINs and NFC payment data, and the research notes that the malware has been active since November 2025 while recommending Google Play, NFC disabling when unused, and Play Protect for defense.

    Show sources