A new cash-out strategy is rapidly starting to spread and claim victims around the world: dubbed “Ghost Tap”, it is based on NFC technology, and thanks to it criminals are able to obtain stolen credit card data connected to mobile payment systems and fraudulently steal money from a bank account.
This new type of attack, which closely resembles the already well-known incursions carried out by cybercriminals using the Android tool NFCGate, was identified for the first time by researchers at ThreatFabric, experts in information security. Once again, therefore, digital payments end up in the crosshairs of bad actors.
“Hackers can establish a relay between a stolen card device and a retailer’s POS terminal, remaining anonymous and executing large-scale cashouts,” we read in the ThreatFabric report. “The cybercriminal in possession of the stolen card may be far from where the card will be used, even in a different country, and use the same card in multiple locations in a short space of time,” the document specifies.
But how does Ghost Tap work? The first step is obviously to get hold of the victim's credit card details, and this usually occurs via phishing or banking malware. The criminal can also carry out overlay attacks, i.e. the kind of incursion that also allows the attacker to steal the OTP codes sent via text message when the user connects the card to a legitimate mobile payment service, such as Google Pay or Apple Pay, installed on their smartphone.
At this point NFCGate also comes into play in Ghost Tap, although in a different guise than usual: if previously the tool was used to transmit NFC information directly from the victim to the hacker, now this information is intercepted by a relay server. The cybercriminal can therefore operate more covertly, even thousands of kilometers away from the user, and from several different cities in a short time through a network of “money mules”.
Ghost Tap is particularly difficult to detect, as hackers exploit legitimate payment methods. Not only that: anti-fraud systems are generally not activated in the case of small transactions such as those carried out with Google Pay or Apple Pay. The cybercriminal, who can use airplane mode to be untraceable while continuing to exploit NFC technology, is even safer because of being able to operate from afar. With the money mule system, moreover, it is possible to strike from different places and in a short period of time thanks to the help of other accomplices/couriers.
The only way to identify fraud would be to trace every movement by verifying the place and time in which it was made: if a payment made in a given city at a given time is not consistent with another payment made with the same credit card, the signal is clear, as in the case of a transaction carried out in New York and shortly thereafter in Brisbane.
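The place-and-time consistency check described above can be sketched as follows. This is an added example, not code from the ThreatFabric report; it assumes the issuer knows each terminal's coordinates and a UTC timestamp per tap, and the field names, the 900 km/h threshold and the sample transactions are constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner cruise speed

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))

def flag_impossible_travel(transactions, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (earlier_id, later_id, km, required_kmh) for consecutive
    card-present taps on one card that imply a speed above max_kmh."""
    by_card = {}
    for t in transactions:
        by_card.setdefault(t["card"], []).append(t)
    alerts = []
    for taps in by_card.values():
        taps.sort(key=lambda t: t["time"])
        for prev, cur in zip(taps, taps[1:]):
            km = haversine_km(prev["pos"], cur["pos"])
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600
            # Same-second taps in different places: required speed is unbounded.
            kmh = km / hours if hours > 0 else float("inf")
            # Ignore pairs under 1 km apart (same shop or neighbouring terminals).
            if km > 1 and kmh > max_kmh:
                alerts.append((prev["id"], cur["id"], round(km), kmh))
    return alerts

# Constructed sample data (not real transactions); times are UTC.
SAMPLE = [
    {"id": "t1", "card": "tok-A", "time": datetime(2024, 11, 20, 14, 0), "pos": (40.7128, -74.0060)},    # New York
    {"id": "t2", "card": "tok-A", "time": datetime(2024, 11, 20, 14, 25), "pos": (-27.4698, 153.0251)},  # Brisbane
    {"id": "t3", "card": "tok-B", "time": datetime(2024, 11, 20, 9, 0), "pos": (41.9028, 12.4964)},      # Rome
    {"id": "t4", "card": "tok-B", "time": datetime(2024, 11, 20, 13, 0), "pos": (45.4642, 9.1900)},      # Milan
]

if __name__ == "__main__":
    for a, b, km, kmh in flag_impossible_travel(SAMPLE):
        print(f"{a} -> {b}: {km} km apart, needs {kmh:.0f} km/h")
```

Only the New York/Brisbane pair is flagged; the Rome/Milan pair four hours apart is plausible travel and passes.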
However, the tools to counter this new cyber attack are missing: “Detecting and mitigating such fraud will require advanced detection models, robust security measures and collaboration within the industry to keep pace with this emerging threat and effectively protect customer assets,” concludes the ThreatFabric analysis.