Ghost Tap: The Invisible Threat Draining Bank Accounts Through Contactless Payments


A dangerous new hacking technique called "Ghost Tap" is enabling cybercriminals to steal money through contactless payments, even when they don't have physical access to victims' cards or phones.

According to Dutch security firm ThreatFabric, hackers are exploiting NFCGate, a research tool designed for analyzing NFC (near-field communication) traffic, to relay tap-to-pay information globally within seconds. This allows them to make fraudulent purchases using stolen credit card details linked to mobile payment services like Google Pay and Apple Pay.

The attack typically begins when victims unknowingly download banking malware that captures their banking credentials and one-time passwords through overlay attacks or keyloggers. Some attacks also involve phone scams to obtain information.

Once criminals obtain the card details, they link them to mobile payment services. To avoid detection, they use NFCGate to relay the tap-to-pay data to accomplices called "mules" who make unauthorized purchases at stores.

What makes Ghost Tap particularly concerning is that transactions appear legitimate since they seem to originate from the same device. The device holding the stolen card can even be in airplane mode during fraudulent purchases, making it harder to detect the actual location of the device.

The scheme allows criminals to:

  • Make purchases without being physically present at stores
  • Use the same card at multiple locations quickly
  • Buy gift cards through offline retailers
  • Scale operations by coordinating with multiple mules

ThreatFabric researchers believe faster network speeds combined with inadequate time-based detection systems at payment terminals have made these remote attacks possible. The technique poses major challenges for both financial institutions and retailers as criminals can operate anonymously while quickly cashing out stolen funds.

Banking customers should remain vigilant about downloading apps and sharing financial information to protect themselves from this emerging threat. Financial institutions may need to implement additional security measures to detect and prevent Ghost Tap attacks.
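
One check an issuer could run against the "same card at multiple locations quickly" pattern above, as an added example that is not from ThreatFabric or the original article: flag consecutive taps on one device token whose terminal locations imply a physically impossible travel speed. The field names, the 900 km/h and 50 km thresholds, and the sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50.0    # assumed: ignore short hops to tolerate terminal geolocation error

@dataclass(frozen=True)
class Tap:
    token: str      # hypothetical device-token identifier for the enrolled card
    ts: datetime    # authorization timestamp (UTC)
    lat: float      # terminal latitude (where the tap physically happened)
    lon: float      # terminal longitude
    merchant: str

def haversine_km(a, b):
    """Great-circle distance between two taps in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(taps):
    """Return (prev, cur, km, kmh) for consecutive same-token taps implying impossible speed."""
    alerts, last = [], {}
    for tap in sorted(taps, key=lambda t: t.ts):
        prev = last.get(tap.token)
        if prev is not None:
            km = haversine_km(prev, tap)
            hours = (tap.ts - prev.ts).total_seconds() / 3600
            # Simultaneous taps far apart give infinite speed, the strongest signal.
            kmh = km / hours if hours > 0 else float("inf")
            if km >= MIN_KM and kmh > MAX_KMH:
                alerts.append((prev, tap, round(km), kmh))
        last[tap.token] = tap
    return alerts

# Constructed sample data, not real transactions.
SAMPLE = [
    Tap("tok-A", datetime(2024, 11, 20, 10, 0), 52.3702, 4.8952, "grocer-amsterdam"),
    Tap("tok-A", datetime(2024, 11, 20, 10, 4), 52.5200, 13.4050, "giftcards-berlin"),
    Tap("tok-A", datetime(2024, 11, 20, 10, 4), 40.4168, -3.7038, "electronics-madrid"),
    Tap("tok-B", datetime(2024, 11, 20, 9, 0), 48.8566, 2.3522, "cafe-paris"),
    Tap("tok-B", datetime(2024, 11, 20, 12, 30), 45.7640, 4.8357, "kiosk-lyon"),
]

if __name__ == "__main__":
    for prev, cur, km, kmh in impossible_travel(SAMPLE):
        print(f"{cur.token}: {prev.merchant} -> {cur.merchant}, {km} km at {kmh:.0f} km/h")
```

The check keys on terminal coordinates rather than device location, so a device kept in airplane mode does not affect it.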