ESET researchers identified a new variant of the NGate Android malware that trojanizes the legitimate HandyPay application to facilitate NFC relay attacks and steal payment card PINs. Targeting users in Brazil through social engineering and fake app stores, the malware allows attackers to conduct unauthorized ATM cash-outs while requiring no suspicious device permissions.