The sophisticated scam that drains bank accounts at ATMs via mobile phones

When we talk about cybercrime, we know that the main goal of attackers is to obtain your personal and banking information. This is because with our personal information, they can impersonate us to commit further scams and deceptions, and even contact our bank, impersonate us, and drain our bank account.

This is a very pressing issue, and therefore, users, as well as all institutions and entities, are increasingly prepared to combat these types of attacks and fraud. Even so, and despite the fact that society has never been so aware of these threats , we are experiencing the years with the highest incidence of cybercrime.

The main reason for this is that at the same time that security measures become stronger, cybercriminals' scams and techniques become better and more sophisticated, making them even more difficult to detect. In recent weeks, a dangerous form of deception has been detected, in which cybercriminals are combining several techniques to empty your account by withdrawing money from ATMs.

This scheme, detected by the research team at cybersecurity firm ESET, revealed the rise of a malware called NGate, which can transmit payment card data using a fraudulent app that users unwittingly download.

It all starts with an SMS supposedly from your bank informing you of some kind of problem or transaction that you need to address immediately. The company mentions one related to tax returns, something that can make anyone nervous.

To solve this problem , they send you a link that, if you follow it, downloads a malicious app without you realizing it. This app has the ability to relay near-field communication (NFC) data from the victims' physical payment cards through their compromised Android smartphones .

As a result, the attackers could later use this data to conduct ATM transactions. But if this method failed, the attacker had a backup plan to transfer funds from the victims' accounts to other bank accounts.

"We have not seen this novel NFC relay technique in any previously discovered Android malware," the researchers stated. In addition to the technique used by the NGate malware, an attacker with physical access to payment cards can copy and emulate them. This technique could be used by an attacker attempting to read cards through unattended wallets, purses, backpacks, or smartphone cases containing cards, especially in crowded, public places.