PhantomCard malware targeting Android banking users

ThreatFabric analysts have identified PhantomCard, a sophisticated NFC-based Trojan that relays sensitive card data from victims’ devices to cybercriminals. The malware primarily targets banking customers in Brazil and works by carrying out NFC relay attacks.

Disguised as a legitimate "card protection" app, PhantomCard is distributed through fake websites mimicking the Google Play Store. Once installed, it prompts users to tap their physical banking cards against the infected device, relaying NFC data to a criminal-controlled server for unauthorized transactions at POS terminals or ATMs.

PhantomCard exploits the NFC reader in Android devices, using the ISO-DEP protocol to confirm card compatibility and extract payment application metadata. It facilitates a bidirectional relay, allowing fraudsters to send transaction instructions to the victim's card while relaying responses back. Victims are tricked into entering their PIN for authentication.
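
The behaviour described above (an app that reads cards over NFC, talks to a remote server, and arrives from outside Google Play) leaves traces a defender can check during app triage. The following is an added example, not code from ThreatFabric or from the malware. The sample manifest, the package name `com.example.cardprotect` and the function name are constructed for illustration, and the installer package name is assumed to be supplied by the caller.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

# Constructed sample: decoded AndroidManifest.xml of a hypothetical app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cardprotect">
  <uses-permission android:name="android.permission.NFC"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.nfc.action.TECH_DISCOVERED"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def triage_manifest(manifest_xml, installer=None):
    """Return triage findings for a decoded manifest.

    installer is the package that installed the app, or None if unknown.
    The findings are heuristics for prioritising review, not a verdict:
    legitimate banking and transit apps also combine NFC and network access.
    """
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    actions = {e.get(NAME) for e in root.iter("action")}
    nfc = "android.permission.NFC" in perms
    findings = []
    if nfc:
        findings.append("requests NFC access")
    if nfc and "android.permission.INTERNET" in perms:
        findings.append("NFC plus network access: card data can leave the device")
    if nfc and actions & {"android.nfc.action.TECH_DISCOVERED",
                          "android.nfc.action.TAG_DISCOVERED"}:
        findings.append("registers to launch when a card or tag is tapped")
    if nfc and installer != PLAY_STORE:
        findings.append("NFC-capable app not installed by Google Play")
    return findings

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST, installer=None):
        print("-", finding)
```
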
