An arrest in Prague indicates that some phishing attacks are using phones‘ NFC capabilities to impersonate ATM cards and steal cash.
Yesterday I reported that a new breed of phishing attack is using progressive web apps (PWA) specifically targeting Android users, swiping login credentials to go after bank accounts. An update to the original report says that some of the same phishing attacks are also using malware to steal NFC information, allowing them to “clone” phones and use them for theft via contactless payments and ATMs.
The setup uses the same familiar vectors as the PWA attacks, sending out mass texts and emails trying to get users to install a web-based dummy app that mirrors a bank login, then harvesting that data to make illicit transfers. In some cases observed by ESET in March of this year, hackers had used the same techniques to get users to install apps based on the NGate NFC vulnerability.
This allowed them to duplicate the systems used to verify users via the NFC payment system installed on pretty much every modern smartphone and embedded in most debit and credit cards.