The Android threat landscape continues to grow with new variants that are increasingly sophisticated and, unfortunately, increasingly difficult to identify. The latest discovery comes from the researchers at ThreatFabric, who identified a particularly insidious Trojan called PhantomCard, capable of exploiting NFC (Near-Field Communication) technology to steal users' card data in real time and, consequently, to empty their bank accounts.

How PhantomCard works

According to the experts, the PhantomCard malware presents itself as a legitimate app, distributed through fake sites that imitate the Google Play Store and pretend to offer card protection services. These pages also show fake reviews, designed to increase credibility and convince users to download the app. It spreads mainly through smishing campaigns (SMS phishing) or other forms of social engineering.

Once installed, the app asks the user to hold their card against the back of the smartphone, apparently for authentication reasons. In reality, the data is sent in real time to the criminals' servers, which also request entry of the PIN. At this point, the scammers have everything they need to use the card as if it were physically in their hands, making transactions at POS terminals or withdrawing cash from NFC-enabled ATMs.

The scheme also relies on intermediary apps installed on the phones of so-called money mules: people who, knowingly or not, make their devices available to receive the stolen data and relay it to payment terminals. This makes the flow of operations extremely quick and difficult to intercept.

According to ThreatFabric, PhantomCard seems to have been developed by an author already known in the Android threat landscape, the same one who had previously marketed malware such as Btmob and Ghostspy.

At the moment the first infections have been detected mainly in Brazil, but the phenomenon is by no means confined there: in Southeast Asia, for example, similar tools such as Supercard X, Kingnfc and Z-nfc are spreading, capable of cloning card data and using it for fraudulent transactions. In regions where contactless payments are now the norm and where low-value transactions are often approved without requesting the PIN, the problem becomes even harder to deal with.

The appearance of PhantomCard once again confirms how the Malware-as-a-Service market (in this case based on NFU Pay, a service sold via Telegram) is evolving with increasingly specialized solutions, adapted to the different security systems used in the various countries. For Android users, the advice remains to download apps exclusively from the official Google Play Store, to be wary of links received via SMS or email, and to pay particular attention to suspicious requests, such as scanning a payment card with the smartphone.

Financial institutions, for their part, will have to expand their monitoring systems and strengthen countermeasures, since this is now a global phenomenon with local variants but a single goal: stealing money in a silent and increasingly sophisticated way.