Cyber attackers have compromised an Android payment app, leveraging a trojanized version to extract near field communication (NFC) data and PINs, facilitating the cloning of payment cards and subsequent account drainage. The NGate malware variant, embedded in the HandyPay NFC-relay application, enables the transfer of NFC data to the attacker's device, which is then used for contactless ATM cash-outs. The campaign's sophistication suggests the use of artificial intelligence, with researchers from ESET noting the presence of emojis in logs, characteristic of GenAI-generated code [1]. This targeted attack underscores the vulnerability of NFC-based payment systems to malware and AI-driven threats. The ability to clone payment cards and drain accounts poses a significant risk to individuals and financial institutions, making it essential for practitioners to reevaluate the security of tap-to-pay systems and implement robust countermeasures to prevent such attacks.
NFC tap-to-pay gets tapped by hackers
⚡ High Priority
Why This Matters
“To trojanize HandyPay, threat actors most probably used GenAI, indicated by emoji left in the logs that are typical of
References
- CSO Online. (2026, April 22). NFC tap-to-pay gets tapped by hackers. CSO Online. https://www.csoonline.com/article/4161983/nfc-tap-to-pay-gets-tapped-by-hackers.html
Original Source
CSO Online