OP 21 November, 2024 - 11:01 PM
Security researchers at ThreatFabric have discovered a new cash-out tactic called “Ghost Tap.” The scheme allows cybercriminals to use NFC technology to anonymously transact with stolen credit card data linked to mobile payment services like Google Pay and Apple Pay. The
method involves relaying NFC traffic between devices, allowing transactions to be conducted at significant distances from the actual location of the card. Criminals use readily available tools like NFCGate, which was originally developed for research purposes. This approach allows for scalability by using “mules” to make purchases in different geographic locations in a short period of time.
To implement Ghost Tap, fraudsters link stolen cards to devices by obtaining OTP codes through phishing sites or mobile malware. The card data is then transmitted to the “mule’s” device, which makes purchases in stores. This makes it difficult to detect the criminals, as the transactions look like regular transactions from a single device.
The key problem for banks and payment systems is the difficulty in detecting these transactions. The use of airplane mode and small purchase amounts make it difficult for anti-fraud systems to trigger. At the same time, criminals can quickly spend large sums, dividing them into many small transactions.
The growing popularity of NFC attacks is due to the lack of effective detection mechanisms. To counter such schemes, financial institutions need to improve monitoring systems that can take into account the mismatch of the device and terminal locations, as well as suspicious customer behavior.
Ghost Tap clearly demonstrates how technological tools created for research purposes turn into powerful fraudulent tools. To combat such threats, cooperation is required between financial institutions, technology developers and law enforcement agencies. Only joint efforts will help stop the evolution of such schemes.
source : https://www.threatfabric.com/blogs/ghost...-nfc-relay
method involves relaying NFC traffic between devices, allowing transactions to be conducted at significant distances from the actual location of the card. Criminals use readily available tools like NFCGate, which was originally developed for research purposes. This approach allows for scalability by using “mules” to make purchases in different geographic locations in a short period of time.
To implement Ghost Tap, fraudsters link stolen cards to devices by obtaining OTP codes through phishing sites or mobile malware. The card data is then transmitted to the “mule’s” device, which makes purchases in stores. This makes it difficult to detect the criminals, as the transactions look like regular transactions from a single device.
The key problem for banks and payment systems is the difficulty in detecting these transactions. The use of airplane mode and small purchase amounts make it difficult for anti-fraud systems to trigger. At the same time, criminals can quickly spend large sums, dividing them into many small transactions.
The growing popularity of NFC attacks is due to the lack of effective detection mechanisms. To counter such schemes, financial institutions need to improve monitoring systems that can take into account the mismatch of the device and terminal locations, as well as suspicious customer behavior.
Ghost Tap clearly demonstrates how technological tools created for research purposes turn into powerful fraudulent tools. To combat such threats, cooperation is required between financial institutions, technology developers and law enforcement agencies. Only joint efforts will help stop the evolution of such schemes.
source : https://www.threatfabric.com/blogs/ghost...-nfc-relay
![[Image: police.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fstatic.cracked.io%2Fimages%2Fsmilies%2Fpolice.png)
![[Image: Kevin-Signature1optimize.gif]](https://i.ibb.co/MDbxBG0/Kevin-Signature1optimize.gif)
![[Image: mqaSXR5.gif]](https://i.imgur.com/mqaSXR5.gif)