ATTACK on Android smartphones based on near-field communication (NFC) theft of funds increased by 188% in fiIn the first four months of this year, contactless payments are at risk, according to cybersecurity firm Kaspersky.
Kaspersky said its cybersecurity solutions blocked 35,600 attacks from Android malware families using NFC techniques, including SuperCard X, PhantomCard, NGate, and other malicious variants of the NFCGate tool. This is up from just over 12,300 attacks prevented in the same period last year.
Russian users see more mobile NFC threats, it said.
It added that it expects attacks on NFC payments to continue to grow as hackers’ programs become more advanced.
“While attackers previously relied on ‘direct NFC’ technology, now ‘reverse NFC’ is becoming more common,” noted Sergey Golovanov, senior security expert at Kaspersky. “The danger of the new, more sophisticated program is that this type of fraud is difficult to detect and fight against, because the victims themselves transfer money to the accounts of the attackers and such transactions are difficult to distinguish from legitimate. We do not rule out that the malware of NFC itself continues to evolve and the area of attacks will grow. That is why this threat must be carefully monitored.”
In direct NFC schemes, attackers contact victims through messaging apps pretending to perform identity verification while tricking them into downloading malware that will lead them to tap their cards on an infected smartphone, retrieving their card data.
Meanwhile, in reverse NFC systems, fraudsters use social engineering techniques to trick victims into setting up malicious apps as the primary contactless payment method on their vulnerable smartphones. These types of applications generate an NFC signal that ATMs recognize as a fraudulent card.
“Victims are then tricked into going to ATMs (cash withdrawal machines) and depositing money into a ‘secure account’ using their infected phone. In fact, the fraudsters receive the victims’ money,” said Kaspersky.
“I fThe first publicly reported attack that used an official modified NFC tool occurred in late 2023. That attack was mostly found in Europe. After that users from Russia and other regions faced similar malware attacks. Later it became known that hackers packaged the NFC malware in a malware-as-a-service offering, which could facilitate access to malicious tools for other attackers. “NFC transmission campaigns show how threat actors adapt and reuse new methods to steal user funds,” said Dmitry Kalinin, cybersecurity expert at Kaspersky.
The company said users should protect themselves from NFC relay attacks and other mobile threats by not installing apps from illegitimate sources, especially those sent via messaging apps, social media, or SMS.
Using security solutions on Android smartphones can also help flag and prevent visits to phishing sites and stop the installation of malware. – Bettina V. Roc
