ESET researchers have sounded the alarm over a dramatic escalation in cybercriminal activity targeting Near Field Communication (NFC) data, which underpins contactless payment systems.
According to ESET’s Threat Report for H1 2025, the number of NFC attacks has surged more than 35-fold compared to the previous six months, highlighting a rapidly evolving threat landscape that now extends well beyond the initial incidents reported among Czech banking customers.
NFC technology, widely adopted for its convenience and security, enables short-range wireless communication between devices most notably, for tap-to-pay transactions using smartphones and contactless cards.
The global NFC market is projected to grow from $21.69 billion in 2024 to $30.55 billion by 2029, driven by increasing smartphone penetration and the popularity of cashless payments.
Despite built-in safeguards such as encryption and tokenization, ESET’s findings reveal that cybercriminals are successfully circumventing these protections through sophisticated social engineering and malware campaigns.
The attack chain uncovered by ESET combines traditional phishing and Android malware with the abuse of NFCGate, a research tool originally developed for academic purposes at the Technical University of Darmstadt.
Threat actors initiate their campaigns by sending SMS phishing messages, often referencing tax returns, that direct victims to fraudulent banking websites.
These sites prompt users to install malicious progressive web apps (PWAs) that mimic legitimate banking applications.
Once victims enter their credentials, attackers gain unauthorized access to their accounts and escalate the scheme by impersonating bank representatives.
Victims are manipulated into installing a second malicious app, dubbed NGate, which leverages NFCGate technology.
Under the guise of a security procedure, victims are instructed to enter their PIN and scan their bank card, unwittingly handing over sensitive NFC data.
With this information, attackers can clone the victim’s card onto their own devices, enabling them to make fraudulent contactless payments or cash withdrawals without leaving a traceable link to their own accounts.
ESET telemetry indicates that, following initial arrests and a temporary lull, NGate malware has proliferated across multiple regions, with detection rates rising from isolated incidents to dozens per week.
Inspired by the success of NGate, cybercriminals have refined their tactics, culminating in the emergence of the “Ghost Tap” technique.
This method streamlines the attack process, allowing for mass exploitation. Attackers use phishing to harvest payment card details and one-time passcodes, registering the stolen credentials in their own Apple or Google wallets.
These digital wallets are then relayed to other devices, facilitating anonymous, large-scale fraudulent transactions worldwide.
The scalability of this approach enables the creation of “farms” of compromised Android devices, each loaded with stolen card data and capable of executing automated payment fraud at scale.
ESET emphasizes that users are not powerless in the face of these threats. Vigilance against phishing attempts, setting low payment limits, utilizing RFID blockers, and deploying comprehensive cybersecurity solutions are critical measures.
ESET’s suite of security products including ESET HOME Security and ESET Mobile Security for Android offers multi-layered protection, featuring real-time malware detection, anti-phishing safeguards, payment protection, and security audits to monitor app permissions.
Despite the sophistication of these attacks, ESET reassures consumers that contactless payments remain safe when paired with robust cybersecurity practices and user awareness.
| IOC Type | Example/Description | Relevance |
| Malicious Domain | Fake banking/phishing websites | Initial infection vector |
| SMS Phishing Link | URLs sent via SMS referencing tax returns | Social engineering |
| Malicious PWA | Progressive web apps mimicking bank apps | Credential theft |
| NGate APK | Malicious Android app leveraging NFCGate | NFC data exfiltration |
| NFCGate Tool | Open-source NFC relay tool | Abuse for card cloning |
| Ghost Tap Method | Technique for loading stolen cards into wallets | Large-scale fraud |
| Android Device Farms | Multiple devices with compromised card data | Automated payment fraud |
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
The post ESET Warns of Cybercriminals Attacking NFC Data for Contactless Payment Fraud appeared first on Cyber Security News.
The US version of TikTok is once again experiencing issues due to an Oracle outage,…
Another high-profile live-service game is shutting down soon after launch: this time it's the free-to-play…
The Shark PowerDetect UV Reveal is SharkNinja's latest robot vacuum and mop. A flagship model…
There are many reasons why an electric scooter might be a better fit for you…
The arrival of a new Remedy game this year is a great excuse to jump…
A Chipolo Pop tracker. | Photo by Dominic Preston / The Verge Google is rolling…
This website uses cookies.