NewApp Digest
search bot

lottery

Trojanized Android App Fuels New Wave of NFC Fraud
AppWizard
April 21, 2026

Trojanized Android App Fuels New Wave of NFC Fraud

A new variant of the NGate malware family has emerged, using a trojanized Android application to capture payment card data and personal identification numbers (PINs). This modified version of HandyPay, a legitimate NFC relay app, has been distributed since November 2025, primarily targeting users in Brazil. The malware intercepts NFC payment card data and allows fraudulent transactions. Two distinct malware samples have been observed, delivered through phishing infrastructure that impersonates a Brazilian lottery site and a Google Play listing for a card protection tool. The trojanized app captures NFC data, requests the victim's card PIN, and transmits this information to attacker-controlled infrastructure. It requires minimal permissions, leveraging its role as the default payment application to evade detection. Evidence suggests that generative AI tools may have been used in its development, indicated by emoji markers in debug logs. ESET has reported its findings to Google, and Google Play Protect can detect known versions of the malware. The developer of HandyPay is investigating the misuse of its application.
NGate Android malware uses HandyPay NFC app to steal card data
AppWizard
April 21, 2026

NGate Android malware uses HandyPay NFC app to steal card data

A new variant of the NGate malware targets Android users by disguising itself within a trojanized version of the HandyPay app, which is a legitimate mobile payment processing application. This malware, documented since mid-2024, siphons payment card information through the mobile device's near-field communication (NFC) chip and sends the stolen data directly to attackers, who create virtual cards for unauthorized purchases or cash withdrawals from NFC-enabled ATMs. The new variant has been injected with malicious code into the HandyPay app, which has been available on Google Play since 2021. The code includes emojis, indicating the possible use of a generative AI tool in its development. The shift from previous iterations, which used an open-source tool named NFCGate, to HandyPay is likely motivated by financial considerations and the need for evasion, as HandyPay is more affordable and requires fewer permissions. This NGate variant has been active since November 2025, primarily targeting Android devices in Brazil. It employs two main distribution methods: a counterfeit app named “Proteção Cartão” hosted on a fraudulent Google Play page and a fake lottery website that redirects users to WhatsApp to download the malicious APK. Upon installation, the app prompts users to set it as their default NFC payment application, requests their card PIN, and instructs them to tap their card on the phone for reading, transmitting all collected information to an attacker's email address. To protect against such threats, Android users are advised to avoid downloading APKs from outside Google Play, disable NFC when not in use, and use Play Protect to scan for threats.
New NGate Android malware variant uses NFC app to steal card data
AppWizard
April 21, 2026

New NGate Android malware variant uses NFC app to steal card data

A new variant of the NGate Android malware exploits a legitimate NFC payment app, HandyPay, to steal users' card information and PINs, enabling unauthorized contactless transactions. This malicious version of HandyPay, which has been available since 2021, was identified by ESET researchers and is distributed through a fraudulent lottery website and a fake Google Play page. The malware captures sensitive information by prompting users to enter their payment card PIN and tap their card against the device, sending the data to an attacker-controlled phone and exfiltrating the PIN to a command-and-control server. The campaign employs social engineering tactics and requires minimal permissions, relying on users to enable app installations from unknown sources. The attackers use a centralized infrastructure for malware distribution and PIN collection, with evidence of compromised devices in Brazil. The shift to modifying a legitimate application is motivated by financial incentives, as it offers similar functionality at a lower cost compared to underground tools. Users are advised to avoid installing apps from unofficial sources and to ensure the legitimacy of applications before entering sensitive information.
Ubisoft made another Avatar game the world has forgotten about, so I opened Pandora’s boxed copy and dropped into the jungle
AppWizard
February 21, 2026

Ubisoft made another Avatar game the world has forgotten about, so I opened Pandora’s boxed copy and dropped into the jungle

The article discusses the eccentricities of PC gaming, focusing on the character 'Able' Ryder from the Avatar game developed by Ubisoft. Ryder, who comes from a background of poverty in a California megacity, wins a place in the Avatar Program and awakens at Hell's Gate on Pandora after five years of cryosleep. He receives a warning from a fellow soldier about the dangers of developing a conscience. The game featuring Ryder was released 14 years before the more recent Frontiers of Pandora, which has since added a third-person mode. Ryder's experiences include crashing a gunship and facing humorous consequences, highlighting the unpredictable nature of gaming narratives.
Marathon gets another technical test, but you won't hear anything about it
AppWizard
October 7, 2025

Marathon gets another technical test, but you won’t hear anything about it

The revival of the Marathon game franchise is facing challenges as Bungie works on its development. The first technical test did not meet expectations, leading to a delay in the launch and a change in creative leadership from Steve Cotton to Julia Nardin. A second technical test is scheduled for October, but it will be under a non-disclosure agreement (NDA), preventing public sharing of gameplay footage. Interested players can apply for the test from October 22 to October 28, with entries accepted until October 16 on Bungie's site and from October 13 to October 26 on Steam. The test will introduce new features, including three new maps, five runner shells, proximity chat, and a re-tuned combat pacing system.
Dev says Steam bug ruined "more than 10 years" of work and tanked their game's 1.0 launch, Valve says oops and offers a Daily Deal slot "to help make up for lost visibility"
AppWizard
September 19, 2025

Dev says Steam bug ruined “more than 10 years” of work and tanked their game’s 1.0 launch, Valve says oops and offers a Daily Deal slot “to help make up for lost visibility”

The developers of the indie game Planet Centauri experienced a significant setback during their 1.0 launch due to a bug in the Steam wishlist notification system, which resulted in their launch notifications not being sent out. This glitch, affecting less than 100 games since 2015, severely impacted their sales. Valve acknowledged the issue on September 12 and offered a Daily Deal to help mitigate the visibility loss, but industry experts noted that such deals cannot fully compensate for the effects of a failed launch. The developers highlighted the improbability of their situation, being one of only a few games affected out of over 86,000 on Steam.
Postgres for everything? not really..and here are some of the problems.
Tech Optimizer
August 12, 2025

Postgres for everything? not really..and here are some of the problems.

PostgreSQL can serve as a powerful all-in-one database, but real-world implementations often complicate its effectiveness due to complex corporate infrastructures. Accessing a production database may involve numerous network hops, firewalls, and antivirus software that can slow down performance. The lack of administrative privileges can hinder the use of extensions. Developers often turn to Kubernetes for more freedom, but this can introduce new challenges, such as unpredictable resource allocations and performance inconsistencies. Row-Level Security (RLS) can lead to performance overhead and complicate debugging. Centralizing business logic in stored procedures can enhance performance but complicates version control and tracking changes. In large organizations, policies governing technology use often create bottlenecks. PostgreSQL may not be optimal for portable setups (SQLite), simple caching (Redis), or specialized search functionalities (Elasticsearch, Meilisearch). It is most effective when developers have control over the environment, allowing it to handle various applications efficiently.
National Lottery website is down for 'once-in-a-generation' updates
AppWizard
August 4, 2025

National Lottery website is down for ‘once-in-a-generation’ updates

Users are experiencing difficulties accessing the National Lottery website and app due to a planned closure for significant upgrades, not an outage. As of 11 PM on Saturday, all draw game sales and prize claims in shops across the UK have been paused and are expected to resume late Monday morning. This closure is part of the largest technological upgrade in the National Lottery's 31-year history, anticipated to last approximately 36 hours. Customers will be unable to log into their online accounts, purchase draw tickets, or claim prizes until later today, Monday, August 4. Allwyn is upgrading the National Lottery’s gaming and retail systems to modernize the infrastructure, as the current systems have been in place since 2009. Some in-store terminals may experience delays in coming back online due to the upgrade processes.
Search