Massive Wave of NFC Relay Malware Targets European Payment Cards

A significant surge in Near-Field Communication (NFC) relay malware is targeting Android users, primarily in Eastern Europe, with over 760 malicious applications discovered in recent months. These apps abuse Android's Host Card Emulation (HCE) feature to steal and emulate contactless payment card data. Unlike traditional banking trojans, this malware intercepts and manipulates communication between a payment terminal and a card, enabling unauthorized transactions.

The malicious software operates through various methods, including harvesting card data, relaying terminal commands to a remote server, and manipulating real-time payment authorizations. First observed in Poland in 2023, these campaigns have rapidly expanded to countries like Russia, the Czech Republic, and Slovakia. Researchers have identified more than 70 command-and-control servers and numerous Telegram channels used to coordinate these attacks and exfiltrate stolen information.

These fraudulent apps often impersonate legitimate services like Google Pay or major banks such as Santander and Tinkoff. To protect themselves, Android users are strongly advised to install apps only from the official Google Play Store, avoid sideloading APKs, and scrutinize app permissions, especially for NFC access. Regularly using Play Protect and disabling NFC when not in use are also recommended security measures to mitigate this growing threat.
