In a disturbing trend, cybercriminals, predominantly from Chinese underground networks, are exploiting Near Field Communication (NFC) technology to perpetrate large-scale fraud at ATMs and Point-of-Sale (POS) terminals.
According to cyber threat intelligence analysts at Resecurity, numerous banks, FinTech companies, and credit unions reported a surge in NFC-related fraud in Q1 2025; for one Fortune 100 financial institution in the United States alone, losses ran into millions of dollars.
These attackers demonstrate remarkable adaptability, crafting sophisticated tools to manipulate NFC systems for unauthorized transactions, targeting regions including the U.S., UK, EU, Australia, Canada, Japan, and the UAE.
The global nature of their operations, often backed by organized crime syndicates with suspected state tolerance in China, poses significant challenges to detection and mitigation due to geopolitical and technical barriers.
The mechanics of NFC fraud involve abusing Host Card Emulation (HCE), the Android feature that lets an app emulate an ISO/IEC 14443 contactless smart card through a HostApduService: the payment terminal sends Application Protocol Data Unit (APDU) commands and the service answers them in software, with no secure element involved.
Tools like “Z-NFC” and “Track2NFC,” often sold on the Dark Web and Telegram channels, facilitate this by emulating card data or relaying stolen payment information from victims’ mobile wallets, such as Google Pay or Apple Pay, to perpetrators’ devices at ATMs or POS terminals.
Techniques like “Ghost Tap” let fraudsters complete relayed transactions without raising alerts at merchant payment processors, while apps like “HCE Bridge” simulate various contactless payment kernels for malicious use.
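To make the HCE/APDU exchange concrete, the following added example (not code from the article or from any of the tools it names) decodes ISO 7816-4 command APDUs the way an Android HostApduService receives them in processCommandApdu, and answers the first command every EMV contactless terminal sends, SELECT of the Proximity Payment System Environment (2PAY.SYS.DDF01), with a minimal File Control Information template. The AID and application label are placeholders chosen for the example, and all APDUs in the test are constructed by hand.

```python
"""Decode ISO 7816-4 command APDUs as an Android HCE service sees them and
build a toy response to SELECT PPSE. Added example; AID and label below are
assumptions, not values from any real card or from the article."""
from dataclasses import dataclass
from typing import Optional

SW_OK = bytes.fromhex("9000")                # normal completion
SW_FILE_NOT_FOUND = bytes.fromhex("6A82")    # SELECT of an unknown name
SW_INS_NOT_SUPPORTED = bytes.fromhex("6D00") # anything other than SELECT
PPSE_NAME = b"2PAY.SYS.DDF01"                # contactless payment directory


@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]   # None when the command carries no Le field


def parse_command_apdu(raw: bytes) -> CommandApdu:
    """Parse the short-form encoding (Lc/Le <= 255) used by EMV kernels."""
    if len(raw) < 4:
        raise ValueError("APDU header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                  # case 1: header only
        return CommandApdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                            # case 2: Le only
        return CommandApdu(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the data length")
    rest = body[1 + lc:]
    if not rest:                                  # case 3: Lc + data
        return CommandApdu(cla, ins, p1, p2, data, None)
    if len(rest) == 1:                            # case 4: Lc + data + Le
        return CommandApdu(cla, ins, p1, p2, data, rest[0] or 256)
    raise ValueError("trailing bytes after Le")


def tlv(tag: bytes, value: bytes) -> bytes:
    """BER-TLV encoder for the single-byte lengths an FCI needs."""
    if len(value) >= 128:
        raise ValueError("long-form lengths not needed here")
    return tag + bytes([len(value)]) + value


def ppse_fci(aid: bytes, label: bytes) -> bytes:
    """FCI template (6F) listing one application in the PPSE directory."""
    entry = tlv(b"\x61", tlv(b"\x4F", aid) + tlv(b"\x50", label) + tlv(b"\x87", b"\x01"))
    proprietary = tlv(b"\xA5", tlv(b"\xBF\x0C", entry))
    return tlv(b"\x6F", tlv(b"\x84", PPSE_NAME) + proprietary)


def process_command_apdu(raw: bytes, aid: bytes, label: bytes) -> bytes:
    """Toy equivalent of HostApduService.processCommandApdu: data + status word."""
    apdu = parse_command_apdu(raw)
    if apdu.ins != 0xA4:                          # only SELECT is handled
        return SW_INS_NOT_SUPPORTED
    if apdu.p1 == 0x04 and apdu.data == PPSE_NAME:  # SELECT by DF name
        return ppse_fci(aid, label) + SW_OK
    return SW_FILE_NOT_FOUND
```

On a real device the terminal reaches the service only because its AIDs are registered in the app's apduservice.xml; Android routes each SELECT to the matching service, and everything after the PPSE answer (SELECT AID, GET PROCESSING OPTIONS, READ RECORD, the cryptogram request) follows the same command/response shape parsed here.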
Resecurity’s reverse engineering of Z-NFC revealed a heavily obfuscated Android APK (package name: com.hk.nfc.paypay) that uses native libraries and runtime decryption to evade static analysis, underscoring the technical sophistication of these attacks.
Additionally, cybercriminals operate “farms” of mobile devices to automate fraud at scale, targeting institutions like Barclays, HSBC, and Santander, and even exploiting loyalty points programs for unauthorized redemptions.
Further amplifying the threat, NFC-enabled POS terminals are abused or illicitly registered via money mules, enabling fraud and money laundering across countries like China, Malaysia, and Nigeria.
Attackers also record Track 2 data stolen by ATM skimmers onto blank cards and use them at compromised terminals; because low-value contactless payments fall under the no-CVM floor limit, these transactions often complete without any Cardholder Verification Method (CVM) such as a PIN.
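The relay and no-CVM patterns described above leave a recognisable trace in authorisation logs: one card, many sub-limit contactless taps with no cardholder verification, at different terminals within minutes. The following added example (not from the article or any vendor) is a velocity rule over such a log; the transaction records, the no-CVM limit and the burst threshold are all constructed for the example and are not a real issuer's rules.

```python
"""Flag bursts of no-CVM contactless taps on one card across several
terminals. Added example; the log, limit and thresholds are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple

NO_CVM_LIMIT = 50.00            # assumed per-transaction no-CVM floor limit
WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_TAPS = 3                    # assumed: this many no-CVM taps in WINDOW is a burst
MIN_TERMINALS = 2               # assumed: a burst must span more than one terminal


class Tx(NamedTuple):
    ts: str         # ISO 8601 timestamp
    pan_hash: str   # tokenised PAN, never the clear PAN
    terminal: str
    amount: float
    entry_mode: str # "contactless" or "chip"
    cvm: str        # "none", "online_pin", "offline_pin", "signature"


# Constructed sample log: pan-A is a relay/mule cash-out, pan-B and pan-C are benign.
SAMPLE_LOG: List[Tx] = [
    Tx("2025-03-02T10:00:05", "pan-A", "T-1001", 42.00, "contactless", "none"),
    Tx("2025-03-02T10:02:10", "pan-A", "T-2219", 48.50, "contactless", "none"),
    Tx("2025-03-02T10:04:40", "pan-A", "T-0473", 45.00, "contactless", "none"),
    Tx("2025-03-02T10:06:01", "pan-A", "T-3880", 49.99, "contactless", "none"),
    Tx("2025-03-02T10:03:00", "pan-B", "T-1001", 12.00, "contactless", "none"),
    Tx("2025-03-02T12:30:00", "pan-B", "T-5555", 120.00, "contactless", "online_pin"),
    Tx("2025-03-02T10:05:00", "pan-C", "T-1001", 30.00, "chip", "offline_pin"),
    Tx("2025-03-02T10:07:00", "pan-C", "T-1001", 31.00, "chip", "offline_pin"),
]


def is_no_cvm_contactless(tx: Tx, limit: float = NO_CVM_LIMIT) -> bool:
    """A tap that completed without any cardholder verification, under the floor limit."""
    return tx.entry_mode == "contactless" and tx.cvm == "none" and tx.amount <= limit


def find_tap_bursts(log: List[Tx], window: timedelta = WINDOW, min_taps: int = MIN_TAPS,
                    min_terminals: int = MIN_TERMINALS) -> Dict[str, Tuple[datetime, datetime, Set[str]]]:
    """Return {pan_hash: (first_ts, last_ts, terminals)} for each card that shows a burst."""
    taps_by_pan: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for tx in log:
        if is_no_cvm_contactless(tx):
            taps_by_pan[tx.pan_hash].append((datetime.fromisoformat(tx.ts), tx.terminal))

    alerts = {}
    for pan, taps in taps_by_pan.items():
        taps.sort()
        start = 0
        for end in range(len(taps)):               # sliding window over sorted taps
            while taps[end][0] - taps[start][0] > window:
                start += 1
            in_window = taps[start:end + 1]
            terminals = {term for _, term in in_window}
            if len(in_window) >= min_taps and len(terminals) >= min_terminals:
                # keep the widest burst seen so far for this card
                alerts[pan] = (in_window[0][0], in_window[-1][0], terminals)
    return alerts
```

The terminal-diversity condition is what separates a genuine shopper re-tapping at one till from a mule farm or a relayed card being cashed out; tune the window and counts against your own no-CVM limits and false-positive budget before putting the rule in line.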
The rapid adoption of NFC, with 1.9 billion NFC-enabled devices worldwide, combined with the anonymity afforded by encrypted messaging and eSIM contracts, makes these operations hard to trace.
As NFC continues to underpin contactless payments and identity verification globally, the urgent need for robust security protocols, advanced fraud detection, and international cooperation becomes evident to curb this escalating cyber threat.
| Indicator | Description |
|---|---|
| Package Name | com.hk.nfc.paypay |
| App Name | Often disguised as a utility/NFC tool |
| Native Libraries | libjiagu.so, libjgdtc.so |
| Path (dropped at runtime) | /data/data/<pkg>/.jiagu/libjiagu_64.so |
| Class | com.stub.StubApp (packer stub that replaces the real Application class) |
| Suspicious String | “entryRunApplication”: refers to the real application class loaded at runtime |
| Permissions | NFC, Camera, Internet, Storage |
| URL | https://znfcqwe.top |
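The static indicators in the table can be checked without installing the sample: an APK is a ZIP, so the native library names are visible as entry names and the stub class, the hand-off string and the C2 host can be searched for as raw bytes in classes.dex and the native libraries. The following added example (not Resecurity's tooling or the real sample) does that scan, and builds a stand-in APK from constructed bytes so it runs offline; the only real values in it are the indicators copied from the table above.

```python
"""Scan an APK for the packer and C2 indicators listed in the table.
Added example; the sample APK is constructed in memory, not the real Z-NFC APK."""
import io
import zipfile
from typing import Dict, List

NATIVE_LIB_NAMES = ("libjiagu.so", "libjiagu_64.so", "libjgdtc.so")
# DEX stores class names as type descriptors, hence the L...; form.
STRING_MARKERS = (b"Lcom/stub/StubApp;", b"entryRunApplication", b"znfcqwe.top")


def scan_apk(apk_bytes: bytes) -> Dict[str, object]:
    """Return the matched native libraries, matched strings and a packer verdict."""
    native_libs: List[str] = []
    markers = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            base = name.rsplit("/", 1)[-1]
            if name.startswith("lib/") and base in NATIVE_LIB_NAMES:
                native_libs.append(name)
            # search dex files and every native library for the marker strings
            if base.endswith(".dex") or base.endswith(".so"):
                blob = z.read(name)
                markers.update(m.decode() for m in STRING_MARKERS if m in blob)
    return {
        "native_libs": sorted(native_libs),
        "string_markers": sorted(markers),
        # the packer is indicated by its stub class together with its native loader
        "suspected_packer": bool(native_libs) and "Lcom/stub/StubApp;" in markers,
        "c2_host_seen": "znfcqwe.top" in markers,
    }


def build_sample_apk(packed: bool) -> bytes:
    """Construct a minimal APK-shaped ZIP; bytes are placeholders, not real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary-XML header only
        if packed:
            z.writestr("classes.dex", b"dex\n035\x00Lcom/stub/StubApp;\x00"
                                      b"entryRunApplication\x00https://znfcqwe.top\x00")
            z.writestr("lib/arm64-v8a/libjiagu_64.so", b"\x7fELF" + b"\x00" * 16)
            z.writestr("lib/arm64-v8a/libjgdtc.so", b"\x7fELF" + b"\x00" * 16)
        else:
            z.writestr("classes.dex", b"dex\n035\x00Lcom/example/MainActivity;\x00")
            z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 16)
    return buf.getvalue()
```

Two caveats a triage analyst should keep in mind: the /data/data/<pkg>/.jiagu/ path in the table is a runtime artifact and will not appear in the APK itself, and because the real app is decrypted at runtime the C2 host may be absent from the static file and only visible once the sample is run or the payload is dumped from memory.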