Russian police bust bank-account hacking gang that used NFCGate-based malware

Summary

Russian police say they have dismantled a group that stole millions from bank customers using malware built on NFCGate, an open-source NFC relaying tool that cybercriminals have increasingly adapted for financial theft. Authorities detained several suspects, including the developer and main administrator of the malicious tool. The malware was pushed via WhatsApp and Telegram as fake banking apps; victims were socially engineered to hold their card to the back of their phone and enter their PIN, allowing attackers to emulate cards and withdraw cash remotely. Preliminary losses exceed 200 million rubles (about $2.6m), while security trackers estimate NFCGate-based strains have taken roughly 1.6 billion rubles (~$18m) by the end of 2025. Investigations are ongoing to map the wider network.

Key Points

  • Russian Interior Ministry reports arrests of several suspects, including the malware developer/administrator.
  • Malware leveraged NFCGate — a legitimate open-source tool — repurposed to emulate victims’ cards for remote withdrawals.
  • Attack distribution used WhatsApp and Telegram, posing as legitimate bank apps to trick victims into installing fraud software.
  • Social-engineering step: victims hold their card to the phone and enter their PIN during a fake “authorisation”, enabling credential harvesting.
  • Preliminary losses cited at >200 million rubles (~$2.6m); broader NFCGate-based campaigns estimated to have stolen ~1.6 billion rubles by end-2025.
  • Authorities are still trying to identify the full criminal network behind the scheme.

Context and relevance

The misuse of legitimate NFC tooling like NFCGate is a rising trend in mobile-banking fraud. This takedown shows law enforcement can disrupt developers/operators, but also underlines how quickly open-source utilities can be weaponised and modified to scale attacks across borders. Financial institutions, fraud teams and mobile-app developers should watch for similar social-engineering vectors and NFC-emulation threats.

Why should I read this?

Because this scam is annoyingly clever and simple — and it affects ordinary bank customers. If you care about fraud prevention, customer protection or mobile-banking security, this piece tells you the exact trick attackers are using (spoiler: hold your card to your phone and enter your PIN) so you can tighten controls and warn users. We’ve read the detail so you don’t have to.

Source

Source: https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware