The new Ghost Tap cybercriminal campaign is the alleged cause of drained funds from victims of attacks on mobile payment systems such as Google Pay and Apple Pay. This new cashing-out scheme relays NFC card data to money mules worldwide.
According to reports, the new campaign relies on methods previously used by mobile malware such as NGate, which was revealed in August and involved relaying Near Field Communication (NFC) signals from payment cards.
Researchers noted that Ghost Tap is more obfuscated and harder to detect: it does not require the victim's physical card or device, it does not require repeated interaction with the victim, and the money mules who interact with PoS terminals are located far from the attacker.
The Ghost Tap campaign uses intercepted OTPs to initiate heists.
The initial phase of the Ghost Tap attack involves acquiring payment card data and intercepting one-time passwords (OTPs) used for virtual wallet enrollment on Apple Pay and Google Pay.
Researchers explained that threat actors can steal payment card data via banking malware that displays overlays mimicking digital payment apps, via phishing pages, and via keylogging. OTPs can be stolen through social engineering or through spyware that monitors text messages.
In prior NGate-based attacks, the campaign deceived victims into scanning their cards with their device's NFC reader using specialist software that guided them through the procedure. The NFCGate tooling is still being used to relay the card data.
However, researchers discovered that the new attack now places a relay server in between, forwarding the card data to a vast network of money mules while hiding their locations. The mules then make large-scale retail purchases in numerous locations using their device's NFC chip, making it challenging to map the fraud network or track down the primary attacker.
With the new Ghost Tap operation, threat actors no longer rely on ATM withdrawals. Instead, they cash out at point-of-sale terminals through a large network of mules distributed globally.
This tactic obscures the trail to the primary perpetrators, leaving only the mules exposed. As of now, the only way to protect against Ghost Tap is for banks to flag transactions made with the same card at places that are physically impossible to reach in the time between charges.
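The bank-side check described above, written out as an added example (not code from the article or from any named vendor): consecutive card-present authorisations on the same card are compared, and a pair is flagged when the implied travel speed between the two merchants exceeds a threshold. The transaction records, merchant coordinates and the 900 km/h and 50 km thresholds are constructed for illustration.

```python
# Impossible-travel check over card-present transactions (constructed sample data).
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Tx:
    card: str          # tokenised card reference, never the PAN
    at: datetime       # authorisation time (UTC)
    lat: float         # merchant latitude
    lon: float         # merchant longitude
    merchant: str

def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(txs: list[Tx], max_kmh: float = 900.0, min_km: float = 50.0) -> list[tuple[Tx, Tx, float]]:
    """Return (earlier, later, implied_kmh) for same-card pairs that would need travel faster than max_kmh.
    Pairs closer than min_km are ignored so geocoding jitter between nearby shops does not fire the rule."""
    flagged: list[tuple[Tx, Tx, float]] = []
    by_card: dict[str, list[Tx]] = {}
    for tx in txs:
        by_card.setdefault(tx.card, []).append(tx)
    for card_txs in by_card.values():
        card_txs.sort(key=lambda t: t.at)
        for prev, cur in zip(card_txs, card_txs[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < min_km:
                continue
            hours = (cur.at - prev.at).total_seconds() / 3600
            speed = float("inf") if hours == 0 else km / hours
            if speed > max_kmh:
                flagged.append((prev, cur, speed))
    return flagged

# Constructed sample: one card tapped in Berlin and Paris 25 minutes apart (mule relay),
# another card used twice in London hours apart (normal behaviour).
SAMPLE = [
    Tx("tok_A1", datetime(2024, 11, 20, 10, 0), 52.52, 13.405, "Berlin electronics"),
    Tx("tok_A1", datetime(2024, 11, 20, 10, 25), 48.8566, 2.3522, "Paris luxury goods"),
    Tx("tok_B7", datetime(2024, 11, 20, 9, 0), 51.5074, -0.1278, "London grocery"),
    Tx("tok_B7", datetime(2024, 11, 20, 18, 0), 51.5, -0.12, "London pharmacy"),
]

if __name__ == "__main__":
    for prev, cur, kmh in impossible_travel(SAMPLE):
        print(f"{prev.card}: {prev.merchant} -> {cur.merchant} implies {kmh:.0f} km/h")
```

In production the same rule would run on the authorisation stream and feed a decline or step-up decision rather than a print, and the thresholds would be tuned per issuer.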
Credit card users should regularly review their transactions to spot unauthorised activity.