Beware of the New Ghost Tap Attack Exploiting NFC Mobile Payments – Here is what to know.
Cybercriminals have devised a new method to cash out stolen credit card details linked to mobile payment systems like Apple Pay and Google Pay. This tactic, known as Ghost Tap, relays NFC card data to money mules worldwide. The Ghost Tap attack builds upon previous methods used by mobile malware like NGate, which involved relaying Near Field Communication (NFC) signals from payment cards.
How Ghost Tap Works
The first step in the Ghost Tap attack is to steal the data of payment cards and intercept the one-time passwords (OTP) needed for virtual wallet enrollment on Apple Pay and Google Pay. Cybercriminals can steal payment card data through banking malware that displays overlays mimicking digital payment apps or through phishing pages and keylogging. OTPs can be stolen through social engineering or malware that monitors text messages.
In previous NGate-based attacks, victims needed to be tricked into scanning their card using their device’s NFC system with specialized malware. Ghost Tap, however, is better concealed and harder to detect. It does not require the card or the victim’s device, nor does it need continual interaction with the victim. Instead, it involves money mules in multiple remote locations interacting with Point of Sale (PoS) terminals.
The Role of Money Mules
Money mules play a crucial role in the Ghost Tap attack. They perform retail purchases at scale and in multiple locations using their device’s NFC chip, making it hard to map the fraud network or trace the primary attacker. The mules put their devices in “airplane mode,” which still allows the NFC system to function as usual. This tactic spreads the fraudulent transactions across multiple locations, making it difficult for financial institutions to detect and stop the attack.
Challenges for Financial Institutions
The Ghost Tap attack poses a significant challenge for financial institutions. The transactions appear legitimate and span multiple locations, which makes them hard to detect. Many banks’ anti-fraud mechanisms flag purchases from unusual locations, but numerous small payments may bypass these checks. Because cybercriminals can scale the fraudulent offline purchases by making multiple small payments in different places, the anti-fraud mechanisms might not be triggered.
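One check that does not depend on payment size is whether the same wallet token is tapped at terminals too far apart for one device to have travelled between them. The sketch below is an added example, not code from the article or from any bank's system; the record layout, the token names, the 900 km/h ceiling and the assumption that each PoS terminal can be mapped to coordinates are all illustrative.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed

# Constructed sample taps: (wallet_token, UTC time, terminal lat, lon, amount)
SAMPLE_TAPS = [
    ("tok-A", "2024-11-20T10:00:00", 52.5200, 13.4050, 18.50),  # Berlin
    ("tok-A", "2024-11-20T10:20:00", 40.4168, -3.7038, 22.00),  # Madrid
    ("tok-A", "2024-11-20T10:45:00", 40.4200, -3.7000, 15.00),  # Madrid
    ("tok-B", "2024-11-20T09:00:00", 48.8566, 2.3522, 9.90),    # Paris
    ("tok-B", "2024-11-20T13:30:00", 51.5074, -0.1278, 12.40),  # London
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(taps, max_kmh=MAX_KMH):
    """Return (token, t1, t2, km, kmh) for consecutive taps of one token
    whose implied speed exceeds max_kmh. Amounts are deliberately ignored."""
    by_token = {}
    for token, ts, lat, lon, _amount in taps:
        by_token.setdefault(token, []).append(
            (datetime.fromisoformat(ts), lat, lon))
    alerts = []
    for token, events in by_token.items():
        events.sort()  # chronological order per token
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            # Simultaneous taps in different places count as infinite speed.
            kmh = km / hours if hours > 0 else float("inf")
            if km > 1.0 and kmh > max_kmh:  # ignore same-neighbourhood taps
                alerts.append((token, t1, t2, km, kmh))
    return alerts

if __name__ == "__main__":
    for token, t1, t2, km, kmh in impossible_travel(SAMPLE_TAPS):
        print(f"{token}: {km:.0f} km between {t1} and {t2} ({kmh:.0f} km/h)")
```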
Conclusion
The Ghost Tap attack is a sophisticated and challenging tactic for financial institutions to detect and stop. It highlights the need for improved security measures and awareness among users to protect their payment card data and personal information. As cybercriminals continue to evolve their methods, staying vigilant and adopting robust security practices is essential to safeguard against such attacks.