Cybercriminals are leveraging a sophisticated attack method named "Ghost Tap" to exploit credit card details associated with mobile payment platforms such as Apple Pay and Google Pay. This method clandestinely transfers NFC-based card information to accomplices around the globe, enabling unauthorized transactions.
Innovative Exploit:
Ghost Tap is an advancement over earlier NFC-relay mobile malware such as NGate, which ESET described. Unlike prior techniques, Ghost Tap operates without needing the physical card, the victim's device, or continuous victim interaction, reducing the chances of detection.
Discovery and Warning:
The mobile security pioneers at ThreatFabric recently identified the Ghost Tap tactic and have highlighted a notable increase in its deployment. Alerting the public through BleepingComputer, they stressed the growing threat it poses to mobile financial security.
Operational Mechanics:
The attack begins with acquiring card information and intercepting the one-time passwords (OTPs) required to register the card in a virtual wallet on platforms like Apple Pay and Google Pay. This is achieved through banking malware that mimics legitimate apps, through phishing, or through text message interception.
Advanced Relay and Obfuscation:
Using a relay server, attackers forward the stolen payment information to a network of money mules, who then make purchases in various locations. Unlike the NGate methodology, which focused on minor contactless transactions and ATMs, Ghost Tap limits activity to Point of Sale (PoS), scattering transactions and hindering traceability.
Challenges in Detection:
Ghost Tap transactions mimic legitimate purchase patterns and exploit the dispersed geography of money mules, complicating detection by banking anti-fraud systems. ThreatFabric explains that these minute transactions, conducted over the same Apple Pay or Google Pay account but in different locations, may escape scrutiny because of their low value and distributed nature.
Evasion Tactics:
To further obscure their activities, money mules put their devices in "airplane mode," which leaves the NFC chip working while the device stays offline, thus avoiding real-time location tracking.
Protective Measures:
To counteract Ghost Tap, financial entities must refine their transaction monitoring systems to identify transactions made in quick succession across disparate regions, such as a purchase in New York followed almost immediately by one in Cyprus.
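The check described above can be sketched as an "impossible travel" rule over card-present wallet transactions. This is an added example, not code from ThreatFabric or any bank; the field names, the 900 km/h ceiling, the 50 km noise floor and the sample transactions are all assumptions constructed for illustration, and it presumes the issuer can geolocate the merchant terminal.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner cruise speed

@dataclass(frozen=True)
class Txn:
    token_id: str   # wallet/device token (hypothetical field name)
    ts: datetime    # authorization time, UTC
    lat: float      # PoS terminal latitude (from merchant data, not the phone)
    lon: float      # PoS terminal longitude

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(txns, max_kmh=MAX_PLAUSIBLE_KMH, min_km=50.0):
    """Return (previous, current, implied_kmh) for consecutive taps on the
    same token whose terminals are too far apart for the elapsed time."""
    alerts, last_seen = [], {}
    for t in sorted(txns, key=lambda t: t.ts):
        prev = last_seen.get(t.token_id)
        last_seen[t.token_id] = t
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, t.lat, t.lon)
        if km < min_km:  # same metro area: ignore terminal geolocation noise
            continue
        hours = (t.ts - prev.ts).total_seconds() / 3600
        kmh = float("inf") if hours <= 0 else km / hours
        if kmh > max_kmh:
            alerts.append((prev, t, kmh))
    return alerts

# Constructed sample: tok-A taps in New York, then Cyprus 10 minutes later;
# tok-B is used twice within the same city.
SAMPLE = [
    Txn("tok-A", datetime(2024, 11, 20, 14, 0), 40.7128, -74.0060),
    Txn("tok-A", datetime(2024, 11, 20, 14, 10), 35.1856, 33.3823),
    Txn("tok-B", datetime(2024, 11, 20, 9, 0), 48.8566, 2.3522),
    Txn("tok-B", datetime(2024, 11, 20, 9, 30), 48.8606, 2.3376),
]

if __name__ == "__main__":
    for prev, cur, kmh in impossible_travel(SAMPLE):
        print(f"{cur.token_id}: {kmh:,.0f} km/h implied between taps")
```

Because the rule keys on the terminal's location rather than the handset's, a relaying device in airplane mode does not hide the distance between consecutive taps.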
Consumer Vigilance:
It is crucial for consumers to rigorously monitor their financial accounts for unauthorized activity. Quick reporting of such anomalies to banks remains key to curbing the impact of these scams and securing cardholder funds. This new wave of fraud carried out with the Ghost Tap tactic highlights an escalating threat landscape for digital payment systems, demanding enhanced security measures and consumer awareness to safeguard financial assets.