"HandyPay app masquerading as the Rio de Premios app, which is hosted on the same server as the fake lottery website. During testing, we didn't receive a reply from the attacker's WhatsApp account, but we attribute that to not using a Brazilian phone number. The second NGate s…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1056 Input Capture (80%)
"time of writing this blogpost. It should also be noted that the maliciously patched version of HandyPay has never been available on the official Google Play store. As an App Defense Alliance partner, we shared our findings with Google. Android users are automatically protected ag…"
T1056 Input Capture (61%)
"asking them to allow installation from this source. The user simply needs to tap Settings in that prompt, enable “Allow from this source”, return to the download screen, and continue installing the app. Once installed, the app asks to be set as the default payment app, which ca…"
T1056 Input Capture (60%)
"New NGate variant hides in a trojanized NFC payment app. ESET Research has discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The threat actors took the app, which is …"
T1111 Multi-Factor Authentication Interception (45%)
"PhantomCard attacks that also targeted Brazil employed NFU Pay to facilitate data transfer. In the case of the campaign described in this blogpost, however, the threat actors decided to go with their own solution and maliciously patched an existing app – HandyPay. HandyPay (offi…"
T1195.001 Compromise Software Dependencies and Development Tools (45%)
"to be made the default payment app, helping the threat actors avoid raising suspicion. As we already alluded to in the introduction, the malicious code used to trojanize HandyPay shows signs of having been produced with the help of GenAI tools. Specifically, the malware logs cont…"
Summary
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI