Cybersecurity researchers have uncovered a new Android malware called NGate, which can relay victims’ contactless payment data from physical credit and debit cards to an attacker-controlled device, enabling fraudulent transactions. The malware targets three banks in Czechia and operates by tricking users into installing malicious apps via social engineering and SMS phishing. Once installed, NGate captures NFC data and transmits it to the attacker’s device to clone the card and withdraw money from ATMs. The malware has roots in a legitimate tool, NFCGate, and has been active since November 2023. Google has confirmed that no apps containing the malware were found on the Google Play Store, and users are protected by Google Play Protect against known versions of NGate.