Hackers Hiding NFC Carders Behind Apple Pay and Google Wallet

Cybercriminals have devised sophisticated methods to exploit Near Field Communication (NFC) technology via popular mobile payment platforms. These attackers are now leveraging Apple Pay and Google Wallet to conduct unauthorized transactions after obtaining victims’ card credentials through phishing operations. The exploitation of NFC technology represents a significant evolution in payment fraud techniques, combining digital and physical elements to create schemes that are difficult to detect and trace through conventional security measures.

Kaspersky researchers have discovered that these operations function at an almost industrial scale, with fraudsters acquiring numerous smartphones, creating multiple Apple or Google accounts, and systematically installing contactless payment applications to facilitate their schemes. Unsuspecting users are prompted to link their payment cards or make small verification payments, which requires entering complete card details and confirming ownership via one-time passwords (OTPs). According to the researchers’ investigation, attackers use specialized software to generate perfect digital replicas of victims’ cards, which are then photographed directly into mobile wallet applications for instant linkage. The scheme involves linking stolen payment card information to fraudulent mobile wallet accounts, allowing criminals to make contactless payments using the victims’ funds without requiring physical card access.

At the heart of this fraud ecosystem lies an NFC relay technique dubbed “Ghost Tap,” which security experts consider particularly dangerous due to its ability to bypass conventional anti-fraud measures. This method involves installing legitimate applications like NFCGate on two separate smartphones – one containing the wallet with stolen cards and another used for making the actual payments. Payment terminals and ATMs cannot distinguish between the relayed NFC signal and a legitimate one, making detection exceptionally difficult. If security personnel apprehend the payment mule, their device contains only legitimate software with no direct evidence of stolen card credentials, which remain safely stored on the mastermind’s remote device, often located in entirely different geographic regions.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Apr 2025 14:30:20 +0000


Cyber News related to Hackers Hiding NFC Carders Behind Apple Pay and Google Wallet

Unveiling the Power of NFC Technology - Key Components of NFC Technology Tags and Readers NFC technology is based on two essential components: tags and readers. This exchange of information is what enables NFC technology to be used for various applications, such as contactless payments, ...
1 year ago Feeds.dzone.com
CVE-2023-53023 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
Lazarus hacked Bybit via breached Safe{Wallet} developer machine - While investigating the attack, crypto fraud investigator ZachXBT discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent some of the stolen Bybit funds to an Ethereum address previously ...
3 months ago Bleepingcomputer.com Lazarus Group
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
3 months ago Bleepingcomputer.com
Apple May Open iPhone NFC Access To Competitors - Apple reportedly offers to open access to iPhone and iPad standardised NFC to competitors in bid to settle antitrust probe. Apple may reportedly open the standardised tap-to-pay technology in iPhones to competitors following an antitrust ...
1 year ago Silicon.co.uk
Arrests in Tap-to-Pay Scheme Powered by Phishing – Krebs on Security - Asked for specifics about the mobile devices seized from the suspects, Lyon said “tap-to-pay fraud involves a group utilizing Android phones to conduct Apple Pay transactions utilizing stolen or compromised credit/debit card information,” ...
3 months ago Krebsonsecurity.com
Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds - Meanwhile, Coin98 Wallet contained a vulnerability allowing attackers to send crafted messages with isDev:true parameter to the Content Script, making the Background Script believe commands came from the legitimate Wallet UI rather than a malicious ...
1 month ago Cybersecuritynews.com CVE-2023-40580
Is Your Online Store Hacked in a Carding Attack? - Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using carding attacks as we gear up for the holiday season shopping. Online companies selling products or services are struggling with the growing ...
1 year ago Cybersecuritynews.com
Crypto wallet-draining attacks necessitate security rethink The Register - Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Introduced in 2019, CREATE2 is seen as a significant advancement for Ethereum, allowing for more efficient ...
1 year ago Go.theregister.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
1 year ago Techrepublic.com
Nest Wallet CEO Loses $125,000 in Wallet Draining Scam - The co-founder and CEO of a startup cryptocurrency wallet said he lost $125,000 in crypto in a scam, becoming among the latest victims of the growing threat of wallet drainer malware that one cybersecurity firm stole almost $300 million from more ...
1 year ago Securityboulevard.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
1 year ago Cysecurity.news
Hackers Stolen Over $58 Million Crypto Via Malicious Google Ads - Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques ...
1 year ago Gbhackers.com
Navigating the Perilous Waters of Crypto Phishing Attacks - Key Highlights: Check Point Research Unveils Rise in Sophisticated Crypto Phishing: An investigation reveals an alarming increase in advanced phishing schemes targeting a variety of blockchain networks, employing wallet-draining techniques. ...
1 year ago Blog.checkpoint.com
FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist - Since the incident, crypto fraud investigator ZachXBT discovered multiple links to the infamous North Korean threat group after the attackers sent some of the stolen Bybit funds to an Ethereum address used in the Phemex, BingX, and Poloniex hacks ...
3 months ago Bleepingcomputer.com APT3 APT38 Lazarus Group
Hackers Turning Stolen Payment Card Data into Apple & Google Wallets - Unlike earlier carding methods reliant on cloned magnetic stripes, this approach exploits contactless payment infrastructure via NFC relay tools like NFCGate—a repurposed academic tool originally designed for testing NFC security. Security analysts ...
4 months ago Cybersecuritynews.com
Google Fi User Data Breached Through T-Mobile Hack - According to Google Fi's email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile's breach after suspicious activity was noted in a system that contained Google Fi's customer data. Google Fi, Google's ...
2 years ago Hackread.com
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards - The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it ...
2 years ago Thehackernews.com
FreeDrain Phishing Attack Users to Steal Users Financial Login Credentials - Cyber Security News - These initial lure pages (typically a single large image of a legitimate wallet interface) redirect users through a series of hops before eventually reaching a phishing page designed to steal wallet seed phrases. This sophisticated campaign leverages ...
1 month ago Cybersecuritynews.com
To tap or not to tap: Are NFC payments safer? - These cards required insertion into payment terminals and authentication with a PIN, marking a shift toward more secure transaction methods. These cards were still susceptible to cloning or information theft, though perpetrating such crimes was more ...
1 year ago Welivesecurity.com
Android/SpyNote Moves to Crypto Currencies - Affected Platform: Android. Impacted Users: Android users with mobile crypto wallet or banking applications. Impact: Financial Loss. Severity Level: Medium. It has grown into one of the most common families of malware for Android, with multiple samples, ...
1 year ago Feeds.fortinet.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
Justin Sun offers 5% deal to $120M Poloniex crypto-robbers The Register - The founder of the Poloniex has offered to pay off thieves who drained an estimated $120 million of user funds from the cryptocurrency exchange in a raid on Friday. Justin Sun, who also founded the Tron Foundation currency system, offered a so-called ...
1 year ago Theregister.com
Microsoft: New RAT malware used for crypto theft, reconnaissance - Last but not least, Microsoft says StilachiRAT allows command execution and potential SOCKS-like proxying using commands from a command-and-control (C2) server to the infected devices, which can let the threat actors reboot the compromised system, ...
3 months ago Bleepingcomputer.com