Hackers Hiding NFC Carders Behind Apple Pay and Google Wallet

Cybercriminals have devised sophisticated methods to exploit Near Field Communication (NFC) technology via popular mobile payment platforms.
These attackers are now leveraging Apple Pay and Google Wallet to conduct unauthorized transactions after obtaining victims’ card credentials through phishing operations.
The scheme involves linking stolen payment card information to fraudulent mobile wallet accounts, allowing criminals to make contactless payments using the victims’ funds without requiring physical card access.
The attack typically begins with victims encountering deceptive websites that mimic delivery services, online retailers, or utility payment portals.
Unsuspecting users are prompted to link their payment cards or make small verification payments, which requires entering complete card details and confirming ownership via one-time passwords (OTPs).
Rather than processing legitimate transactions, these details are immediately transmitted to waiting cybercriminals.
Kaspersky researchers have discovered that these operations function at an almost industrial scale, with fraudsters acquiring numerous smartphones, creating multiple Apple or Google accounts, and systematically installing contactless payment applications to facilitate their schemes.
According to their investigation, attackers use specialized software to generate perfect digital replicas of victims’ cards, which are then photographed directly into mobile wallet applications for instant linkage.
What makes these attacks particularly effective is the significant time delay between credential theft and fund extraction.
Cybercriminals often wait weeks or even months before utilizing compromised cards, by which time victims may have forgotten about the suspicious website interaction.
When transactions finally occur, they typically involve luxury goods purchases in physical stores or ATM withdrawals through NFC-enabled smartphones, neither of which requires additional PIN or OTP verification.
The exploitation of NFC technology represents a significant evolution in payment fraud techniques, combining digital and physical elements to create schemes that are difficult to detect and trace through conventional security measures.
The Ghost Tap Technique
At the heart of this fraud ecosystem lies an NFC relay technique dubbed “Ghost Tap,” which security experts consider particularly dangerous due to its ability to bypass conventional anti-fraud measures.
This method involves installing legitimate applications like NFCGate on two separate smartphones – one containing the wallet with stolen cards and another used for making the actual payments.
The relay application transmits the wallet’s NFC data in real-time over an encrypted internet connection from the first device to the second device’s NFC antenna, which is then presented at payment terminals by criminal operatives known as “mules.”
# Simplified representation of NFC relay operation
def nfc_relay(source_device, target_device):
    # On source device: read wallet NFC data and forward it while the link is up
    while connection_active:
        nfc_data = source_device.read_nfc_signal()
        encrypted_data = encrypt(nfc_data)
        send_over_internet(encrypted_data, target_device)

# On target device
def receive_and_transmit(target_device):
    received_data = receive_from_internet()
    decrypted_data = decrypt(received_data)
    target_device.broadcast_to_nfc_antenna(decrypted_data)
The technical sophistication of this approach lies in its ability to maintain signal integrity while relaying across distances.
Payment terminals and ATMs cannot distinguish between the relayed NFC signal and a legitimate one, making detection exceptionally difficult.
If security personnel apprehend the payment mule, their device contains only legitimate software with no direct evidence of stolen card credentials, which remain safely stored on the mastermind’s remote device, often located in entirely different geographic regions.
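The traits described in this article (many cards linked on one device, a wait of weeks before first use, then ATM or luxury-goods taps) can be combined into a card-issuer screening rule. The sketch below is an added example, not code from the article or from Kaspersky; the event fields, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field layout is an assumption for illustration.
PROVISIONS = [  # (token_id, card_id, device_id, provisioned_at)
    ("tok1", "cardA", "dev-9", "2025-01-03T10:00"),
    ("tok2", "cardB", "dev-9", "2025-01-03T10:04"),
    ("tok3", "cardC", "dev-9", "2025-01-03T10:09"),
    ("tok4", "cardD", "dev-2", "2025-02-20T18:30"),
]
TAPS = [  # (token_id, timestamp, channel, amount)
    ("tok1", "2025-02-14T16:20", "ATM", 900.0),
    ("tok3", "2025-02-15T11:00", "POS", 2400.0),
    ("tok4", "2025-02-21T08:05", "POS", 12.5),
]

# Assumed thresholds; an issuer would tune these against its own data.
MAX_CARDS_PER_DEVICE = 2
DORMANCY = timedelta(days=14)
HIGH_VALUE = 500.0

def score_first_taps(provisions, taps):
    """Return {token_id: [reasons]} for first wallet taps matching >= 2 traits."""
    cards_on_device = defaultdict(set)
    for _, card, dev, _ in provisions:
        cards_on_device[dev].add(card)
    prov = {tok: (dev, datetime.fromisoformat(ts))
            for tok, _, dev, ts in provisions}
    seen, alerts = set(), {}
    for tok, ts, channel, amount in sorted(taps, key=lambda t: t[1]):
        if tok in seen or tok not in prov:
            continue  # only the first tap of a known wallet token is scored
        seen.add(tok)
        dev, provisioned_at = prov[tok]
        reasons = []
        if len(cards_on_device[dev]) > MAX_CARDS_PER_DEVICE:
            reasons.append("device holds many distinct cards")
        if datetime.fromisoformat(ts) - provisioned_at >= DORMANCY:
            reasons.append("long dormancy between linking and first use")
        if channel == "ATM" or amount >= HIGH_VALUE:
            reasons.append("ATM or high-value first tap")
        if len(reasons) >= 2:
            alerts[tok] = reasons
    return alerts

if __name__ == "__main__":
    for tok, why in score_first_taps(PROVISIONS, TAPS).items():
        print(tok, "->", "; ".join(why))
```

Requiring two or more traits keeps an ordinary cardholder's first small purchase on a newly linked card (tok4 here) from being flagged.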
The post Hackers Hiding NFC Carders Behind Apple Pay and Google Wallet appeared first on Cyber Security News.