Security researchers at Threat Fabric have uncovered a sophisticated payment fraud scheme dubbed “Ghost Tap” that exploits vulnerabilities in NFC technology to compromise Apple Pay and Google Pay transactions. This innovative attack methodology leverages a distributed network of money mules and modified NFC relay tools to conduct unauthorized transactions using stolen payment card data.
Understanding the Ghost Tap Attack Vector
The attack chain begins with threat actors harvesting payment card credentials through various attack vectors, including banking trojans, phishing campaigns, and keyloggers. Criminals then intercept one-time passwords (OTP) using malware or social engineering techniques to facilitate the unauthorized registration of compromised cards in digital wallet services.
Technical Infrastructure and Attack Methodology
At the core of Ghost Tap lies a modified version of NFCGate, an open-source NFC traffic manipulation tool. The attackers have developed a sophisticated relay server infrastructure that distributes compromised card data across a network of money mules. These mules execute unauthorized purchases at physical point-of-sale terminals, creating what appear to be legitimate transactions.
Advanced Evasion Techniques
What sets Ghost Tap apart is its innovative approach to evading detection. Money mules conduct transactions with devices in airplane mode, effectively masking their digital footprint. The scheme exploits the inherent trust in NFC transactions, as payments appear to originate from a single device despite being executed across multiple geographic locations.
Detection Challenges and Security Implications
Traditional fraud detection systems struggle to identify Ghost Tap attacks due to their sophisticated nature. The primary indicator of compromise is the detection of rapid successive transactions from the same card at geographically impossible distances. Financial institutions are advised to implement enhanced monitoring systems and additional verification mechanisms for contactless payments.
The emergence of Ghost Tap represents a significant evolution in payment fraud techniques, highlighting the ongoing arms race between security professionals and cybercriminals. As contactless payments continue to grow in popularity, financial institutions must adapt their security measures to address these emerging threats. Users should regularly monitor their transaction history and immediately report any suspicious activity to their financial institutions. Additionally, enabling transaction notifications and maintaining strong authentication practices can help mitigate the risk of falling victim to such sophisticated fraud schemes.
