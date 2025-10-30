Android users have been increasingly targeted by NFC relay attacks , with malicious apps pilfering payment details in real time exceeding 760 since April 2024, reports HackRead

Over 70 command-and-control servers and multiple Telegram bots have been leveraged to support the operation, which involves apps impersonating banking and government apps, including Google Pay, Santander, and the Russian State Services Portal, according to an analysis from Zimperium.

Installation of the malevolent apps triggers a prompt seeking their selection as the default payment method, which would then be followed by the activation of NFC relay functionality to obtain card numbers, expiration dates, and EMV data, and facilitate near-instant fraud.

Attackers have also peddled exfiltrated card details via Telegram channels. Such a threat should prompt Android users to be wary of downloading apps from third-party stores. Users should not only be vigilant of suspicious payment settings requests but also ensure the implementation of up-to-date security software, researchers added.