Alert: New ‘Ghost Tap’ Hack Lets Criminals Empty Your Digital Wallet From Anywhere

Alert: New 'Ghost Tap' Hack Lets Criminals Empty Your Digital Wallet From Anywhere

New NFC-Based Payment Fraud Technique Discovered

Security researchers at ThreatFabric have identified a new cyber threat called “Ghost Tap” that exploits near-field communication (NFC) technology to conduct fraudulent transactions. This technique allows criminals to abuse mobile payment services like Google Pay and Apple Pay in a sophisticated way.

Key Points:

– Criminals can remotely transmit tap-to-pay information globally within seconds

– No physical card or phone is required to make unauthorized payments

– The attack uses a legitimate research tool called NFCGate to relay NFC traffic

Attack Method:

1. Victims are tricked into downloading banking malware

2. Malware captures banking credentials and one-time passwords

3. Stolen card details are linked to mobile payment services

4. NFC traffic is relayed to mules who make fraudulent purchases

Unique Challenges:

– Transactions appear legitimate as they seem to come from the same device

– Multiple mules can use the same card at different locations simultaneously

– The original device can be in airplane mode, making location tracking difficult

– Traditional anti-fraud mechanisms are bypassed

Security Implications:

– The attack can be executed across different countries

– Fraudulent purchases can be made at multiple locations quickly

– Gift cards can be purchased at offline retailers without physical presence

– The method is particularly challenging for financial institutions to detect

This new threat highlights the evolving nature of payment fraud and the need for enhanced security measures in NFC-based payment systems.

Share This Article