ThreatFabric recently disclosed PhantomCard, a sophisticated Android banking trojan emerging in Brazil that carries out NFC relay fraud by intercepting sensitive card data from victims and relaying it to cybercriminals. The malware masquerades as a "Proteção Cartões" ("Card Protection") app hosted on fake Google Play Store pages, complete with counterfeit positive reviews to lure unsuspecting victims.
Once installed, PhantomCard prompts users to tap their bank card against their device, without needing any additional permissions. It then captures the NFC data from the card and transmits it to the attacker. For added deception, the app also requests the user's PIN code, so that the cybercriminal can complete point-of-sale (POS) or ATM transactions with the victim's card in real time.
This campaign is particularly concerning: it is powered by a Chinese-originated Malware-as-a-Service (MaaS), allowing multiple affiliates to rapidly deploy customized versions, regionalizing the fraud for Brazilian users, and potentially beyond.
Zimperium's Mobile Threat Defense (MTD) and Runtime Protection (zDefend) detect 100% of the samples shared in the original report with high accuracy and in a zero-day fashion using our dynamic detection engine. Further strengthening our protection, we uncovered an additional 8 samples associated with the PhantomCard campaign.
Why This Matters: PhantomCard elevates NFC-based attacks to a new level. Victims unknowingly facilitate fraud by tapping their cards on their phones while the criminal completes the transaction remotely using the stolen card data and PIN. Traditional fraud detection systems are unlikely to catch such activity, as the transactions appear legitimate and originate from the victim's own card and PIN.
Financial institutions, particularly those operating in Brazil or in regions with Brazilians in their customer base, should assume that NFC relay fraud is occurring and ensure that their mobile defenses can block overlay tactics, detect inappropriate NFC interactions, and intercept suspicious command-and-control communication on-device.
We remain committed to monitoring this threat as it evolves, expanding our detection capabilities, and sharing relevant intelligence to empower security teams to respond swiftly and confidently.
For more technical insights, read ThreatFabric's full report here.
The list of the latest IOCs can be found in this repository.