The Reveal Platform
Intel Name: Ghostnfc/ngate-style android malware
Date of Scan: September 26, 2025
Impact: High
Summary: We recently observed GhostNFC/NGate-style Android malware being advertised and distributed via multiple Chinese-language Telegram channels. The malware is delivered as an APK file hosted on external servers, bypassing the Google Play Store. Ongoing analysis continues to reveal new samples and indicators linked to this threat. Cybercriminals are actively developing Android malware, particularly banking Trojans. A key capability includes stealing NFC payment data through relay attacks and ghost tapping techniques.
