:

NGATE MALWARE HIDES IN HANDYPAY APP TO STEAL NFC DATA

SECURITY DESK1 MIN READ
TUE, APR 21, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

A new NGate malware variant is targeting Android users through a trojanized version of HandyPay, a legitimate mobile payments app. The malware steals NFC payment card data from infected devices.

NGate's Latest Target Security researchers have identified a fresh variant of the NGate Android malware disguised within a compromised HandyPay application. HandyPay is a legitimate mobile payments processing tool used by merchants and consumers for NFC transactions. How It Works The trojanized version intercepts NFC payment data, allowing attackers to capture card information from users conducting contactless payments. Once extracted, the stolen data can be used for unauthorized transactions or sold on underground markets. Distribution Method The malware spreads through compromised app stores or phishing campaigns directing users to download the fake HandyPay version. Users who install the trojanized app unknowingly grant the malware access to NFC communications and payment processing functions. User Protection Android users should download applications exclusively from Google Play Store, verify app publisher details, and keep devices updated with the latest security patches. Mobile payment users should monitor card statements for unauthorized activity.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Fraud losses extend far beyond chargebacks. False declines, account takeovers, and customer abuse collectively damage revenue and erode trust, according to fraud prevention analysis.

2H AGOIndustry Desk

Zimbra has issued an urgent security advisory urging customers to patch a critical cross-site scripting (XSS) vulnerability in its Classic Web Client. The flaw affects users of the Zimbra Collaboration suite.

2H AGOIndustry Desk

Facewatch, a facial recognition system used by major retailers including Sainsbury's and B&M, is launching real-time police alerts for serious offenders. Civil liberties groups have raised concerns about the technology's surveillance implications.

2H AGOIndustry Desk

Bright Data Ltd., an Israel-based web scraping startup, announced a $1 million bug bounty program as law enforcement intensifies oversight of the data collection industry.

5H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.