Part 8/10:
Victims would receive messages appearing to originate from their banks, convincing them to download malicious APK files via messaging platforms like WhatsApp or Telegram. Once installed, these fake banking apps would prompt users to authenticate by tapping their bank cards on their phones—a technique enabled by NFC technology.
However, the real malicious component was NFCGate, an open-source tool that relays NFC signals between two devices over the internet, effectively hijacking NFC transactions. Cybercriminals would set up a relay device near an ATM or point-of-sale terminal, capturing real-time card data. Simultaneously, they would perform fraudulent transactions, including cash withdrawals, by placing their devices in proximity to victims' cards.