NGate: Trojanized HandyPay in Brazil Steals NFC Data and PINs for Card Thefts

Colleagues, a cybersecurity alert: a campaign named NGate has been discovered — a trojanized version of HandyPay targeting users in Brazil.
- ESET reports attackers modified HandyPay by embedding malicious code, likely with LLM assistance.
- A module intercepts card NFC data and entered PINs, exfiltrates them to a C2 server, enabling cash-outs and unauthorized payments.
- Distribution via fake websites (masquerading as the Rio de Prêmios lottery) and counterfeit pages; the app requests to become the default payment app and to enter the PIN.
Why this matters: the rise of NFC fraud and the use of generative AI amplify risks to users and business processes.
Which measures do you consider priorities to protect cards and users?
#cybersecurity #NFC #mobilesecurity #finsecurity


Latest comments
No comments yet.