Malware, Threat Intelligence

Ghost Tap Android malware leveraged for payment data theft

Chinese threat operations TX-NFC and NFU Pay have been leveraging APKs masquerading as banking and financial apps to spread the NFC-enabled Ghost Tap Android malware that pilfers credit card details in social engineering campaigns that were mostly aimed at Brazil, Italy, Malaysia, Turkey, Uzbekistan, Greece, and Indonesia. , according to GBHackers News.

Installation of seemingly legitimate apps from illicit APK repositories allows Ghost Tap to ensure a relay mechanism between the targeted NFC-enabled device and the attacker-controlled command-and-control server, with the former serving as a reader device and the latter interacting with point-of-sale terminals, said Group-IB Threat Intelligence researchers in a series of posts on X, formerly Twitter.

Such techniques have allowed attackers to make unwanted purchases and cash withdrawals worldwide without raising alarms. Increasingly prevalent exploitation of NFC relay technology should prompt improved mobile endpoint security, transaction tracking, and public awareness campaigns among financial organizations and payment processors.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds