Cyber Security News

Hackers Converting Stolen Payment Card Data into Apple & Google Wallets

Cybercriminal groups, primarily based in China, are leveraging advanced phishing techniques and mobile wallet technologies to convert stolen payment card data into fraudulent Apple and Google Wallet accounts.

This innovative approach has revitalized the underground carding industry, which had been weakened in recent years by the adoption of chip-based payment cards in the United States.

Sophisticated Phishing Tactics

Chinese cybercrime groups employ phishing kits that bypass traditional SMS networks by utilizing Apple iMessage and Google’s RCS technologies.

Victims are lured through messages impersonating entities like the U.S. Postal Service or toll road operators, requesting payment for fabricated fees.

Once victims input their payment card details, they are prompted to provide a one-time passcode (OTP), ostensibly for verification.

In reality, this OTP is used by the attackers to link the victim’s card to a mobile wallet on a device they control.

The phishing kits are highly advanced, capturing data even if users abandon the process mid-way.

Additionally, these kits forward stolen data to secure back-end databases, ensuring its safety even if phishing sites are taken down.

Criminals also use automated systems to create fake Apple and Google accounts, enabling mass distribution of phishing messages.

Ghost Tap Technology

Once linked to a stolen card, digital wallets are loaded onto smartphones controlled by the scammers.

These devices, often containing multiple wallets from different financial institutions, are sold in bulk for significant profits.

Some groups expedite fraudulent activity by setting up fake e-commerce businesses on platforms like Stripe or Zelle to cash out funds.

A more sophisticated method involves “Ghost Tap” technology, which uses an Android app called ZNFC to relay Near Field Communication (NFC) transactions globally.

With this tool, scammers can execute tap-to-pay transactions remotely from anywhere in the world. The app is sold for $500 per month and includes 24/7 support.

Research indicates that these operations have caused an estimated $15 billion in fraudulent charges annually.

Security experts have observed nearly 33,000 domains tied to these phishing schemes, with losses averaging $250 per compromised card.

The financial sector has struggled to counter these attacks because of its reliance on OTPs sent via SMS for mobile wallet authentication, a vulnerability exploited by phishers.

Some European and Asian banks now require customers to authenticate through their banking apps before linking wallets.

However, broader solutions may involve updating payment terminals to detect relayed NFC transactions and enhancing account monitoring by tech giants like Apple and Google.
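The account monitoring mentioned above could start from one trait this article describes: a single phone holding wallets for many different people, each linked with an SMS OTP. The following Python sketch is an added example, not code from the researchers or from any wallet provider; the event schema, field names, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; the field names are a hypothetical schema, not a real log format.
def ev(ts, device, issuer, holder, verify="sms_otp"):
    return {"ts": ts, "device_id": device, "issuer": issuer,
            "cardholder": holder, "verify": verify}

EVENTS = [
    ev("2025-02-10T10:00:00", "dev-A", "bank-1", "u1"),   # many people, one phone
    ev("2025-02-10T10:20:00", "dev-A", "bank-2", "u2"),
    ev("2025-02-10T11:05:00", "dev-A", "bank-1", "u3"),
    ev("2025-02-11T09:00:00", "dev-A", "bank-3", "u4"),
    ev("2025-02-10T12:00:00", "dev-B", "bank-1", "u5"),   # one person, two cards
    ev("2025-02-12T12:00:00", "dev-B", "bank-2", "u5"),
    ev("2025-01-01T08:00:00", "dev-C", "bank-1", "u6"),   # changes of owner weeks apart
    ev("2025-01-20T08:00:00", "dev-C", "bank-2", "u7"),
    ev("2025-02-15T08:00:00", "dev-C", "bank-3", "u8"),
    ev("2025-02-10T13:00:00", "dev-D", "bank-4", "u9", "in_app"),   # verified in the bank app
    ev("2025-02-10T13:30:00", "dev-D", "bank-4", "u10", "in_app"),
    ev("2025-02-10T14:00:00", "dev-D", "bank-4", "u11", "in_app"),
]

def flag_devices(events, window=timedelta(days=7), max_cardholders=2):
    """Flag devices that linked cards for more than max_cardholders distinct
    people via SMS OTP inside any sliding time window."""
    by_device = defaultdict(list)
    for e in events:
        if e["verify"] == "sms_otp":  # this rule only covers the SMS OTP path
            by_device[e["device_id"]].append(
                (datetime.fromisoformat(e["ts"]), e["cardholder"], e["issuer"]))
    flagged = {}
    for dev, rows in by_device.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop events that fell out of the window
            holders = {r[1] for r in rows[start:end + 1]}
            issuers = {r[2] for r in rows[start:end + 1]}
            best = flagged.get(dev, {"cardholders": max_cardholders})
            if len(holders) > best["cardholders"]:  # keep the densest window seen
                flagged[dev] = {"cardholders": len(holders), "issuers": len(issuers)}
    return flagged

if __name__ == "__main__":
    print(flag_devices(EVENTS))
```

The issuer count is reported alongside the cardholder count because only a party that sees provisioning across banks can observe it; a single issuer sees just its own cards on the device.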

Despite these challenges, experts emphasize that stronger collaboration between financial institutions and technology providers is essential to curb this growing threat.

Neither Apple nor Google has commented on their role in addressing these vulnerabilities.

Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
