Horror Android mistake lets crooks clone your bank card in seconds for spending spree – and even silently withdraw cash

A NEW strain of malware is ripping through Android devices and cloning people’s bank cards, letting hackers go on spending sprees with cash that isn’t theirs.

The hacking campaign, which was first detected in November last year, even lets threat actors silently withdraw money from ATMs.

The new malware is called NGate, which can steal the information from payment cards and imitate them to make unauthorised payments.

Cyber researchers at ESET, who have published a new report on the malware, said it has been running rampant in Czechia.

It’s possible the campaign could creep outside of the country.

Android owners can protect themselves, however.

All they need to do is be wary of any suspicious texts, automated calls, pre-recorded messages or malvertising.

It’s these four avenues that hackers take to gain access to banking information in NGate attacks.

Cyber crooks trick an Android user with a fake message about their banking app being outdated, urging them to install the latest version for security reasons.

They then send a link to download the malware that will allow hackers to clone the victims’ bank cards.

Malvertisements – or, malicious adverts – often appear on social media, and can be used by hackers to lure victims into installing a supposedly critical app update.

The app updates are fake, and are actually progressive web apps (PWAs) used to disguise the NGate malware.

PWAs are a sophisticated phishing technique that mimic apps and browser windows with convincing web addresses to steal information.

They use official bank app logos – and feature a legitimate-appearing login screen – to fool innocent victims into handing over their bank details.

PWAs can even fool Google and Apple to bypass installation restrictions for apps outside the official stores.

Distinguishing fake PWAs from legitimate apps is nearly impossible.