New Ghost-Tapping Attacks Target Apple Pay and Google Pay Users’ Linked Cards

Chinese-speaking cybercriminals are using ghost-tapping techniques to take advantage of Near Field Communication (NFC) relay tactics in a sophisticated evolution of payment card fraud. They are mainly targeting mobile payment services such as Apple Pay and Google Pay.

This attack vector involves relaying stolen payment card credentials from compromised devices to mules’ burner phones, enabling unauthorized contactless transactions for retail fraud.

According to analysis from Insikt Group, threat actors such as @webu8 on Telegram are automating the provisioning of victim cards into digital wallets, bypassing security measures like one-time passwords (OTPs) through phishing and malware.

These operations, often orchestrated from bases in Southeast Asia including Cambodia and China, facilitate global campaigns by supplying syndicates with pre-loaded burner devices and proprietary relay software.

NFC Relay Fraud Ecosystem

The technique relies on open-source tools like NFCGate for capturing and modifying NFC traffic, allowing real-time emulation of tokenized card data at point-of-sale (POS ...