What is Ghost Tap?

 The Rise of "Ghost Tap" Fraud: A Growing Mobile Wallet Threat

In recent months, a new and alarming form of mobile payment fraud has emerged, known as "Ghost Tap." This cutting-edge scam, which exploits the convenience of tap-to-pay technology on smartphones, is being utilized by cybercriminals to conduct fraudulent transactions from anywhere in the world.

What is Ghost Tap?

At the core of Ghost Tap is a type of mobile software that allows fraudsters to perform contactless transactions remotely. These transactions are typically made using NFC (Near-Field Communication) technology, which is a key feature in mobile payment systems like Apple Pay and Google Pay. What makes Ghost Tap so dangerous is that it allows criminals to make these payments not from their own phone, but by hijacking the NFC transaction through a remote server. This means a hacker could, for example, wave a phone at a local payment terminal in one country while the actual transaction takes place on a server halfway around the world, such as in China.

How Does Ghost Tap Work?

One of the key elements of Ghost Tap fraud is a piece of Android software called ZNFC, which has been sold on the black market. This app allows cybercriminals to relay valid NFC transactions over the internet from one phone to another. Here's how it works:

  1. Criminal obtains the app: The app is offered for around $500 a month and provides 24-hour support.
  2. Fraudulent payment initiated: A criminal uses the app by tapping their phone against a payment terminal that accepts NFC payments, such as those used for Apple Pay or Google Pay.
  3. Transaction relayed: The app then relays the transaction from a phone located anywhere in the world, like China, to the local payment terminal, making it appear as though the payment is legitimate.

This method is especially concerning because it’s not restricted by geographic boundaries. Criminals can execute fraudulent transactions anywhere, provided they have access to the necessary software and a payment terminal that accepts NFC payments.

Growing Trend in Cybercrime

According to ThreatFabric, a cybersecurity firm, the Ghost Tap method was first documented in November 2024, and it’s already spreading across the globe. Experts have uncovered that various organized crime groups in Europe are using these techniques to drain funds from ATMs that accept smartphone payments, further complicating the fight against financial fraud.

In addition to ATMs, these criminals are targeting retailers, purchasing high-value items like mobile phones, jewelry, and even gold bars, often using the same software to facilitate these transactions. This scheme has been seen in several regions, with criminal groups from different parts of the world adopting it as a method of cashing out mobile wallets.

Real-World Impact

In Singapore, authorities reported arrests of foreign nationals who were recruited online to use Ghost Tap software for fraudulent purchases. These individuals were tasked with buying expensive items from local retailers, including electronics and luxury goods, using stolen or compromised credit card information. Since November 2024, multiple victims have reported unauthorized transactions totaling more than $100,000.

The Ghost Tap fraud scheme is not just confined to a specific region—it’s a global problem that has been growing in scope. Andy Chandler, Chief Commercial Officer at ThreatFabric, noted that researchers have found at least ten distinct methodologies using the same basic approach. However, each group executes the scam in a slightly different way.

The Bigger Picture

What makes Ghost Tap so concerning is that it operates under the radar. Banks and financial institutions have been slow to react to this emerging threat, and, as Chandler points out, "no one is talking about it." The lack of awareness around Ghost Tap allows criminals to exploit the system and generate significant profits, all while evading detection by working through legitimate payment terminals and bypassing traditional security measures.

As these criminal methods become more sophisticated, consumers and businesses must stay vigilant about the potential for mobile payment fraud. Banks, retailers, and mobile payment providers must proactively safeguard their systems and alert customers to the risks of such attacks.

What Can Be Done?

To protect against Ghost Tap fraud, here are a few steps consumers and businesses can take:

  • Monitor accounts regularly: Consumers should monitor their bank and credit card statements for unauthorized transactions and report any suspicious activity immediately.
  • Use strong authentication: Mobile wallets should be secured with biometric features or strong passwords to prevent unauthorized access.
  • Educate and raise awareness: As Ghost Tap becomes more widespread, it's crucial to spread awareness about the risks of mobile payment fraud. This includes informing consumers about phishing attacks and scams that may be used to gain access to sensitive payment information.

Conclusion

The Ghost Tap fraud scheme represents a new frontier in mobile payment security threats. As cybercriminals continue to find innovative ways to exploit mobile payment technologies, both consumers and businesses need to stay informed and take steps to protect themselves. The growing scale of this problem emphasizes the need for a coordinated effort between banks, law enforcement, and cybersecurity experts to combat the rising tide of mobile fraud.


Reference 

https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/ 

Comments

Post a Comment

Popular posts from this blog

Cyber Attack and How to Protect Yourself

  What Is a Cyberattack—and How to Protect Yourself In our increasingly connected world, cyberattacks pose a serious threat to both businesses and individuals. A cyberattack is any attempt—by an individual or organization—to damage, disrupt, or gain unauthorized access to computer networks. Whether driven by political, criminal, or personal motivations, these attacks often target important documents and systems, putting sensitive data at risk. Common Types of Cyberattacks Malware – Malicious software designed to harm or exploit devices. Distributed Denial-of-Service (DDoS) – Overwhelms a network or service with traffic, causing it to crash. Phishing – Fraudulent emails or messages trick users into revealing confidential information. SQL Injection – Attackers insert malicious code into a database through vulnerable web forms or URLs. Cross-Site Scripting (XSS) – Injects harmful scripts into trusted websites, targeting unsuspecting visitors. Botnets – Networks of infected devic...
Read more

Common Password Attacks & How to Protect Yourself

  10 Common Password Attacks & How to Protect Yourself In today’s digital world, passwords act as the first line of defense against cyber threats. However, hackers have developed various techniques to crack passwords and gain unauthorized access. In this post, we’ll explore 10 common password attacks and how to prevent them. 1. Brute Force Attack What It Is: A hacker systematically tries all possible password combinations until the correct one is found. How to Prevent It: ✅ Use long and complex passwords (at least 12–16 characters). ✅ Enable account lockout policies (e.g., lock account after multiple failed attempts). ✅ Use multi-factor authentication (MFA) for added security. 2. Dictionary Attack What It Is: Hackers use a pre-compiled list of common passwords and words (like "password123" or "qwerty") to guess your password. How to Prevent It: ✅ Avoid using common words or phrases as passwords. ✅ Use a password manager ...
Read more