Cybersecurity firm D3Lab has detected a fresh wave of tap-to-pay malware attacks targeting Android users at Italian and other European banks. The malware steals payment card details and PINs by tricking users into tapping their physical cards against their devices. U.S. law enforcement is already making arrests and issuing warnings to banks about this Android malware threat, which exploits the platform's greater access to NFC chip functionality compared to Apple's restricted NFC environment on iPhones.
Malware Tricks Users with Fake Banking App Updates
Users are lured with urgent messages claiming they need to update their banking app, which leads them to download harmful software. Once installed, the malware displays a fake verification screen and prompts the user to hold their real payment card near the phone. The malware reads the card information and PIN, then sends the stolen data to the attackers.
Attackers Host Malicious Files on GitHub
In this latest wave, D3Lab says harmful files are now being stored and frequently updated on GitHub, the popular website normally used by programmers to share code. The attackers push out new versions often, using different bank names and technical tricks to avoid being blocked. The criminals frequently change the fake websites, rotate which banks they pretend to represent, and use new hosting methods that are harder for authorities to shut down.
Android NFC Access Enables Card Data Theft
The technique works on Android because third-party apps have broader access to the NFC chip, whereas Apple heavily restricts what third-party apps can do with NFC on iPhones. Combined with the attackers' constant rotation of lures, bank names and hosting, this access allows the same type of card theft to keep reaching Android users despite ongoing security efforts.
FAQ
What did D3Lab detect in the latest malware wave?
D3Lab detected a fresh wave of tap-to-pay malware attacks targeting Android users at Italian and other European banks, with harmful files being stored and frequently updated on GitHub.
How does the tap-to-pay malware steal card information?
The malware displays a fake verification screen and prompts users to hold their real payment card near the phone, then reads the card information and PIN before sending the stolen data to attackers.