Saturday, December 7, 2024
HomeCyber CrimeGhost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or...

Ghost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or Apple Pay

Published on

SIEM as a Service

Threat actors are exploiting a new cash-out tactic called “Ghost Tap” to siphon funds from stolen credit card details linked to mobile payment services like Google Pay or Apple Pay, which involves relaying NFC traffic, enabling unauthorized transactions without physical access to the victim’s device. 

By understanding this emerging threat, financial institutions can enhance their security measures to protect customer assets and mitigate the risks associated with this sophisticated cash-out technique.

Cybercriminals are leveraging NFCGate to relay NFC traffic between devices, enabling them to cash out funds from stolen cards linked to mobile payment systems like Apple Pay and Google Pay.

- Advertisement - SIEM as a Service

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

By exploiting vulnerabilities in these systems, attackers can obtain OTPs and link stolen cards to their devices, which allows them to make payments at offline retailers anonymously and at scale, bypassing traditional security measures and increasing the efficiency of their fraudulent activities.

A post on underground forum

NFCGate is a legitimate research tool used to facilitate large-scale, anonymous cash-outs, where remotely controlling a device with a stolen card linked to a mobile payment system, attackers can direct mules to specific retailers.

The mules, using NFCGate-enabled devices, initiate transactions at the POS terminals. 

The transaction data is relayed to a server, enabling the attacker to monitor and control the process, which allows for widespread, coordinated fraud operations, bypassing traditional geographic and logistical constraints. 

Recent cyberattacks leverage NFC technology, exploiting vulnerabilities in network infrastructure and device security, where malicious software like NFSkate targets mobile devices, while NFCGate-based tools compromise physical cards. 

Relay attacks, enabled by network latency, allow remote transactions using stolen card data.

To mitigate these threats, NFC readers should implement time-based detection mechanisms to identify discrepancies between device location and transaction location. 

When it comes to detecting suspicious activity and preventing unauthorized access, mobile payment services need to also improve their security measures.

scheme of interactions

According to Threat Fabric, cybercriminals exploit the Ghost Tap technique to bypass anti-fraud measures by making multiple small, seemingly legitimate NFC payments, which often involve compromised devices and airplane mode, that can go undetected. 

Financial institutions must proactively monitor for unusual device pairings, rapid, geographically impossible transactions, and suspicious device behavior to identify and prevent such fraudulent activity. 

The detection of potential device compromises at an early stage is absolutely necessary in order to reduce the likelihood of subsequent Ghost Tap attacks.

Cybercriminals can exploit publicly accessible technology to remotely initiate NFC transactions, enabling unauthorized cash-outs, which make it difficult to detect and mitigate. 

Retailers and financial institutions must implement advanced detection models, robust security measures, and industry collaboration to safeguard against these emerging threats and protect customer assets.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...