![Alert: New 'Ghost Tap' Hack Lets Criminals Empty Your Digital Wallet From Anywhere](https://mlkmisyfyt7n.i.optimole.com/cb:QnOd.1c245/w:auto/h:auto/q:mauto/ig:avif/https://clickcontrol.com/wp-content/uploads/2024/12/0d49c0d2a7_enhanced.png)
Security researchers at ThreatFabric have identified a new cyber threat called “Ghost Tap” that exploits near-field communication (NFC) technology to conduct fraudulent transactions. This technique allows criminals to abuse mobile payment services like Google Pay and Apple Pay in a sophisticated way.
Key Points:
– Criminals can remotely transmit tap-to-pay information globally within seconds
– No physical card or phone is required to make unauthorized payments
– The attack uses a legitimate research tool called NFCGate to relay NFC traffic
Attack Method:
1. Victims are tricked into downloading banking malware
2. Malware captures banking credentials and one-time passwords
3. Stolen card details are linked to mobile payment services
4. NFC traffic is relayed to mules who make fraudulent purchases
Unique Challenges:
– Transactions appear legitimate as they seem to come from the same device
– Multiple mules can use the same card at different locations simultaneously
– The original device can be in airplane mode, making location tracking difficult
– Traditional anti-fraud mechanisms are bypassed
Security Implications:
– The attack can be executed across different countries
– Fraudulent purchases can be made at multiple locations quickly
– Gift cards can be purchased at offline retailers without physical presence
– The method is particularly challenging for financial institutions to detect
This new threat highlights the evolving nature of payment fraud and the need for enhanced security measures in NFC-based payment systems.