The attack’s sophistication extends to its evolution into “Ghost Tap” operations, where compromised card data populates entire farms of Android devices programmed for automated fraudulent transactions across global payment networks. The initial attack vector relies on SMS-based phishing campaigns that direct victims to fraudulent banking websites, subsequently deploying malicious Progressive Web Apps (PWAs) that bypass traditional app store security measures. A sophisticated new malware campaign targeting Near Field Communication (NFC) payment systems has emerged as a significant global cybersecurity threat, transforming what began as a localized attack in Eastern Europe into a worldwide phenomenon. ESET researchers identified the malware as exploiting NFCGate technology, originally developed as a legitimate research tool by students at the Technical University of Darmstadt’s Secure Mobile Networking Lab, but now weaponized for financial fraud. These applications harvest banking credentials before initiating voice-based social engineering attacks, where criminals impersonate bank employees to manipulate victims into downloading the NGate malware. The relay mechanism operates by establishing a covert communication channel between the victim’s device and the attacker’s infrastructure, effectively creating a virtual extension of the victim’s payment card. The attack methodology combines traditional social engineering tactics with advanced NFC manipulation techniques, creating a multi-layered deception that has proven highly effective against unsuspecting victims. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Once installed, NGate prompts victims to place their payment cards against their smartphone’s NFC reader under the pretense of PIN verification or security updates. This dramatic surge underscores the rapid adaptation and scalability of cybercriminal operations targeting contactless payment infrastructure, capitalizing on the widespread adoption of mobile payment technologies. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The threat has demonstrated explosive growth, with ESET telemetry data revealing a staggering 35-fold increase in NFC-related attacks during the first half of 2025 compared to the second half of 2024. The malicious operation, first identified by ESET researchers in late 2023 among Czech banking customers, has now expanded across multiple continents with devastating efficiency. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 27 Jun 2025 15:30:15 +0000