Cyber crooks are abusing a trojanized Android payment application to steal near field communication (NFC) data and PINs, enabling cloning of payment cards and draining victim accounts. According to ESET researchers, a new variant of the NGate malware has been infused into the HandyPay NFC-relay application to transfer NFC data to the attacker’s device and use it for contactless ATM cash-outs. Use of AI is suspected in the campaign. “To trojanize HandyPay, threat actors most probably used GenAI, indicated by emoji left in the logs that are typical of AI-generated text,“ the researchers said in a blog post. The campaign has been distributing two malware samples, through a fake lottery website ...