21 November 2024

New Ghost Tap cash-out technique exploiting mobile payment systems


ThreatFabric analysts uncovered a sophisticated cash-out method dubbed ‘Ghost Tap,’ which is being actively employed by threat actors. The tactic exploits stolen credit card details linked to mobile payment services like Google Pay and Apple Pay, leveraging Near Field Communication (NFC) technology to execute fraudulent transactions.

The attack relies on a relay mechanism that connects a stolen card to a Point-of-Sale (POS) terminal via NFC, allowing cybercriminals to remain physically distant from the crime scene—even in a different country. With the stolen card information, threat actors establish a connection between the card and a mobile payment system.

The Ghost Tap operation requires obtaining the victim's card details and the One-Time Password (OTP) that the bank sends to authenticate linking the card to the attacker's mobile device. Threat actors can achieve this by using mobile malware to steal credit card details via overlay attacks or keylogging, or by intercepting OTPs sent via SMS or push notifications.

Victims unknowingly submit their card credentials and OTPs through phishing websites designed to mimic legitimate financial institutions. Once the card is successfully linked to a new device, the criminals use it for significant transactions at offline retailers, exploiting the anonymity of NFC-based payments.
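
A defender-side illustration of the pattern described above, as an added example that is not from ThreatFabric or the original article: it correlates a wallet enrolment on a previously unseen device with the contactless purchases that follow, and flags those made in a different country from the enrolled device or for a high amount. The event schema, field names, thresholds and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed review window after wallet enrolment
HIGH_VALUE = 500.0            # assumed threshold for a "significant" purchase

# Constructed sample events; the schema is an assumption, not a real issuer feed.
EVENTS = [
    {"type": "token_provisioned", "ts": "2024-11-20T10:00:00", "card": "card-A",
     "token": "tok-1", "device_country": "RO", "known_device": False},
    {"type": "nfc_purchase", "ts": "2024-11-20T10:40:00", "token": "tok-1",
     "pos_country": "DE", "amount": 950.0},
    {"type": "token_provisioned", "ts": "2024-11-18T09:00:00", "card": "card-B",
     "token": "tok-2", "device_country": "NL", "known_device": True},
    {"type": "nfc_purchase", "ts": "2024-11-18T12:00:00", "token": "tok-2",
     "pos_country": "BE", "amount": 800.0},
    {"type": "token_provisioned", "ts": "2024-11-19T08:00:00", "card": "card-C",
     "token": "tok-3", "device_country": "FR", "known_device": False},
    {"type": "nfc_purchase", "ts": "2024-11-19T09:30:00", "token": "tok-3",
     "pos_country": "FR", "amount": 12.0},
    {"type": "nfc_purchase", "ts": "2024-11-19T11:00:00", "token": "tok-3",
     "pos_country": "FR", "amount": 1200.0},
]

def find_suspicious_taps(events, window=WINDOW, high_value=HIGH_VALUE):
    """Return alerts for NFC purchases that closely follow a new-device enrolment."""
    provisioned, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "token_provisioned":
            provisioned[ev["token"]] = (ts, ev)
        elif ev["type"] == "nfc_purchase" and ev["token"] in provisioned:
            p_ts, prov = provisioned[ev["token"]]
            # Only fresh enrolments on devices the issuer has not seen before.
            if prov["known_device"] or ts - p_ts > window:
                continue
            reasons = []
            if ev["pos_country"] != prov["device_country"]:
                reasons.append("pos_country_differs_from_device")  # relay indicator
            if ev["amount"] >= high_value:
                reasons.append("high_value")
            if reasons:
                alerts.append({"card": prov["card"], "token": ev["token"],
                               "ts": ev["ts"], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_taps(EVENTS):
        print(alert)
```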
