Tag: nfc

Ghost-Tap Scam Makes Payments Scarier

Dec 5, 2025 12:32 PM

Tags: exploit, mobile, nfc, scam

The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ghost-tap-scam-makes-payments-scarier/
Ghost-Tap Scam Makes Payments Scarier

Dec 5, 2025 12:32 PM

Tags: exploit, mobile, nfc, scam

The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ghost-tap-scam-makes-payments-scarier/
Ghost-Tap Scam Makes Payments Scarier

Dec 5, 2025 12:32 PM

Tags: exploit, mobile, nfc, scam

The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ghost-tap-scam-makes-payments-scarier/
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
New NGate Malware Lets Hackers Drain ATMs Remotely

Nov 6, 2025 11:19 PM

Tags: android, hacker, malware, nfc, social-engineering

The NGate malware uses Android NFC relays and social engineering to let attackers withdraw cash from ATMs without stealing victims’ cards. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-ngate-malware-poland-atm/
NGate Malware Enables Unauthorized Cash Withdrawals at ATMs Using Victims’ Payment Cards

Nov 5, 2025 1:19 PM

Tags: android, attack, communications, cyber, exploit, malware, nfc, phone, technology, threat, unauthorized

NGate represents a sophisticated Android-based threat that exploits NFC technology to enable unauthorized ATM cash withdrawals without physically stealing payment cards. Rather than stealing cards outright, threat actors use an ingenious relay attack that intercepts the card’s NFC communications from a victim’s Android phone and transmits them to an attacker-controlled device positioned at an ATM,…
NGate Malware Enables Unauthorized Cash Withdrawals at ATMs Using Victims’ Payment Cards

Nov 5, 2025 1:19 PM

Tags: android, attack, communications, cyber, exploit, malware, nfc, phone, technology, threat, unauthorized

NGate represents a sophisticated Android-based threat that exploits NFC technology to enable unauthorized ATM cash withdrawals without physically stealing payment cards. Rather than stealing cards outright, threat actors use an ingenious relay attack that intercepts the card’s NFC communications from a victim’s Android phone and transmits them to an attacker-controlled device positioned at an ATM,…
Android Apps misusing NFC and HCE to steal payment data on the rise

Nov 3, 2025 4:19 PM

Tags: android, attack, data, fraud, nfc

Zimperium zLabs found 760+ Android apps abusing NFC and HCE to steal payment data, showing a surge in NFC relay fraud since April 2024. Zimperium zLabs researchers spotted over 760 Android apps abusing Near-Field Communication (NFC) and Host Card Emulation (HCE) to steal payment data and commit fraud, showing rapid growth in NFC relay attacks…
Massive surge of NFC relay malware steals Europeans’ credit cards

Oct 30, 2025 10:19 PM

Tags: android, credit-card, malicious, malware, nfc

Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people’s payment card information in the past few months. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-malware-steals-europeans-credit-cards/
Hackers Use NFC Relay Malware to Clone TapPay Android Transactions

Oct 30, 2025 4:19 PM

Tags: android, cybersecurity, hacker, malware, mobile, nfc, threat

A new investigation from mobile security firm Zimperium has revealed a fast-growing cybersecurity threat targeting Android users through… First seen on hackread.com Jump to article: hackread.com/nfc-relay-malware-clone-tap-to-pay-android/
NFC Relay Attack: 700+ Android Apps Harvest Banking Login Details

Oct 30, 2025 4:19 PM

Tags: android, attack, banking, credentials, cyber, cybercrime, finance, login, malicious, nfc, russia, technology, threat

A sophisticated cybercrime campaign leveraging Near Field Communication technology has exploded across multiple continents, with researchers at zLabs identifying over 760 malicious Android applications designed to steal banking credentials and facilitate fraudulent transactions. What initially appeared as isolated incidents in April 2024 has evolved into a large-scale threat operation targeting financial institutions across Russia, Poland,…
NFC Relay Attack: 700+ Android Apps Harvest Banking Login Details

Oct 30, 2025 4:19 PM

Tags: android, attack, banking, credentials, cyber, cybercrime, finance, login, malicious, nfc, russia, technology, threat

A sophisticated cybercrime campaign leveraging Near Field Communication technology has exploded across multiple continents, with researchers at zLabs identifying over 760 malicious Android applications designed to steal banking credentials and facilitate fraudulent transactions. What initially appeared as isolated incidents in April 2024 has evolved into a large-scale threat operation targeting financial institutions across Russia, Poland,…
New Smish: New York Department of Revenue

Sep 30, 2025 4:08 PM

Tags: access, android, apple, authentication, breach, browser, china, chrome, credit-card, data, dns, group, iphone, mobile, nfc, phishing, phone, scam, software, spam, strategy, usa, windows

As I was visiting SmishTank to report the most recent SMish that I had received (an iMessage from a +27 South African telephone number claiming to be from ParkMobile) I noticed there had been many recent submissions from the New York Department of Revenue. SmishTank is operated by Professor Muhammad Lutfor Rahman, a colleague of mine…
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

Sep 9, 2025 4:08 PM

Tags: access, android, attack, banking, fraud, malware, mobile, nfc, threat, tool

A new Android malware called RatOn evolved from a basic tool capable of conducting Near Field Communication (NFC) attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud.”RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality making it a uniquely powerful threat,” the Dutch…
RatOn Hijacks Bank Account to Launch Automated Money Transfers

Sep 9, 2025 3:09 PM

Tags: android, attack, banking, cyber, finance, fraud, group, mobile, nfc, tactics, threat, tool

Dubbed RatOn, that combines traditional overlay attacks with NFC relay tactics to hijack bank accounts and initiate automated money transfers. Developed from scratch by a threat actor group observed since July 2025, RatOn represents a significant evolution in mobile fraud capabilities. Security researchers have uncovered a new Android banking trojan Unlike standalone NFC relay tools…
RatOn Hijacks Bank Account to Launch Automated Money Transfers

Sep 9, 2025 3:09 PM

Tags: android, attack, banking, cyber, finance, fraud, group, mobile, nfc, tactics, threat, tool

Dubbed RatOn, that combines traditional overlay attacks with NFC relay tactics to hijack bank accounts and initiate automated money transfers. Developed from scratch by a threat actor group observed since July 2025, RatOn represents a significant evolution in mobile fraud capabilities. Security researchers have uncovered a new Android banking trojan Unlike standalone NFC relay tools…
âš¡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Aug 18, 2025 3:54 PM

Tags: backdoor, docker, exploit, fraud, nfc, update

Power doesn’t just disappear in one big breach. It slips away in the small stuff”, a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe isn’t about knowing everything”, it’s about acting fast and clear before problems…
New Ghost-Tapping Attacks Target Apple Pay and Google Pay Users’ Linked Cards

Aug 18, 2025 1:54 PM

Tags: apple, attack, breach, china, credentials, cyber, cybercrime, google, mobile, nfc, phone, service, tactics

Chinese-speaking cybercriminals are using ghost-tapping techniques to take advantage of Near Field Communication (NFC) relay tactics in a sophisticated evolution of payment card fraud. They are mainly targeting mobile payment services such as Apple Pay and Google Pay. This attack vector involves relaying stolen payment card credentials from compromised devices to mules’ burner phones, enabling…
ReVault flaws let attackers bypass Windows login or place malware implants on Dell laptops

Aug 7, 2025 12:11 AM

Tags: access, attack, authentication, cisco, credentials, cve, encryption, exploit, firmware, flaw, Hardware, login, malware, nfc, risk, service, strategy, threat, update, vulnerability, windows

Planting implants: An investigation by Cisco Talos uncovered two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050) an arbitrary free (CVE-2025-25215) and a stack-overflow flaw (CVE-2025-24922), all affecting the ControlVault firmware.The same researchers also discovered an unsafe deserialization flaw (CVE-2025-24919) affecting ControlVault’s Windows APIs. This vulnerability makes it possible to trigger arbitrary code execution on the ControlVault firmware, allowing…
Chinese Threat: NFC-Enabled Fraud in the Philippines’ Financial Sector

Jul 8, 2025 9:34 PM

Tags: china, finance, fraud, nfc, threat

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/chinese-threat-nfc-enabled-fraud-in-the-philippines-financial-sector
Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

Jul 3, 2025 6:34 PM

Tags: android, fraud, intelligence, malware, mobile, nfc, scam, threat

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN.The identified apps were designed to load out-of-context ads on a user’s screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the…
ESET Warns Cybercriminals Are Targeting NFC Data for Contactless Payments

Jun 28, 2025 3:34 PM

Tags: attack, banking, cyber, cybercrime, data, exploit, nfc, threat

ESET researchers have uncovered a sophisticated attack vector exploiting Near Field Communication (NFC) data, initially targeting Czech banking customers but now spreading worldwide. According to the ESET Threat Report H1 2025, the incidence of NFC-related attacks has skyrocketed, with telemetry data showing a staggering 35-fold increase in the first half of 2025 compared to the…
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud, and NFC Theft

Jun 20, 2025 5:35 PM

Tags: android, cybersecurity, data-breach, fraud, malware, mobile, nfc, service, theft, threat

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.”Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,” PRODAFT…
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft

Jun 19, 2025 9:35 PM

Tags: android, cybersecurity, data-breach, fraud, malware, mobile, nfc, service, theft, threat

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.”Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,” PRODAFT…
Russia detects first SuperCard malware attacks skimming bank data via NFC

Jun 17, 2025 4:54 PM

Tags: access, attack, communications, data, finance, malware, nfc, russia

Malware detected previously in Italy has popped up in Russia, researchers said. Attackers use it to access devices’ near field communications (NFC) and steal payment card data. First seen on therecord.media Jump to article: therecord.media/supercard-nfc-banking-malware-russia
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43

Apr 27, 2025 11:51 AM

Tags: attack, backdoor, botnet, china, crypto, fraud, infrastructure, international, malware, nfc, rust, supply-chain

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure XRP supply chain attack: Official NPM package infected with crypto stealing backdoor SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation New Rust Botnet >>RustoBot
NFC-Powered Android Malware Enables Instant Cash-Outs

Apr 24, 2025 9:50 PM

Tags: android, credit-card, malware, nfc, phone

Researchers at security vendor Cleafy detailed a malware known as SuperCard X that uses the NFC reader on a victim’s own phone to steal credit card funds instantly. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nfc-android-malware-instant-cash-outs
How NFC-Enabled POS Terminals Facilitate Cybercriminal Money Laundering Chains

Apr 24, 2025 5:50 PM

Tags: cybercrime, nfc

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/how-nfc-enabled-pos-terminals-facilitate-cybercriminal-money-laundering-chains
Hackers Conceal NFC Carders Behind Apple Pay and Google Wallet

Apr 8, 2025 9:43 PM

Tags: apple, cyber, cybercrime, exploit, finance, fraud, google, hacker, mobile, nfc, password, technology, vulnerability

In a disturbing evolution of financial fraud, cybercriminals are leveraging advanced techniques to exploit mobile payment systems such as Apple Pay and Google Wallet. Once reliant on magnetic stripe card cloning, fraudsters have adapted to breakthroughs in card security technology like chip cards and one-time passwords, exploiting vulnerabilities in contactless payments and digital wallets. By…