Beware! Hackers Exploit Mobile NFC Payment to Steal Money Remotely

In recent years, cybercriminals have been developing new techniques to carry out large-scale attacks on mobile payment services using Near Field Communication (NFC). One of the latest methods, named Ghost Tap by ThreatFabric, has become a powerful tool for stealing money from victims.

Core Technology Behind Ghost Tap

The primary goal of Ghost Tap is to cash out funds from victims' credit cards or mobile payment services (such as Google Pay and Apple Pay) without needing a physical card or device. This attack relies on a legitimate tool called NFCGate, which is designed to capture, analyze, or relay NFC traffic.

NFCGate was originally developed by researchers from Germany’s Darmstadt University of Technology as a security research tool. It enables the following:

  • One device acts as a reader to scan NFC tags.
  • Another device uses Host Card Emulation (HCE) to simulate NFC tags.
  • The two devices relay NFC traffic through a server.

Hackers exploit this functionality to transmit a victim’s NFC data to a remote device, allowing them to perform fraudulent transactions anywhere in the world.

The Ghost Tap Attack Process

1. Stealing Victim Information

The attack begins by tricking victims into downloading malicious mobile banking software. These apps steal banking credentials and one-time passwords (OTPs) through overlay attacks, keylogging, or voice phishing.

2. Linking to Virtual Payments

After obtaining the victim's credit card details, attackers link the card to mobile payment services like Google Pay or Apple Pay.

3. Relaying Payment Data

To bypass credit card issuer detection, the attackers use NFCGate to relay tap-to-pay data to mule devices. These mules use the virtual card to make fraudulent purchases, such as gift cards or high-value items, in stores.

4. Anonymity and Multi-Location Operations

Cybercriminals enhance their anonymity and scale their attacks by:

  • Using stolen cards remotely in different countries or locations.
  • Conducting multiple transactions through various mule devices within a short period.

Why Is Ghost Tap So Dangerous?

Ghost Tap’s efficiency and stealth pose significant threats to financial institutions and retailers:

  • Bypassing Anti-Fraud Mechanisms
    Transactions appear to originate from the victim’s legitimate device, making detection difficult. Devices may also be in airplane mode, preventing location tracking.
  • Rapid Scaling
    Attackers can quickly execute multi-location attacks, utilizing multiple mule devices to maximize profits.
  • Transaction Masking
    Since transactions follow legitimate payment processes, anti-fraud systems struggle to identify them as fraudulent.

Challenges for the Financial Industry

According to ThreatFabric, advancements in communication technology and the lack of time-based detection mechanisms in ATMs and POS terminals make this attack method increasingly feasible. Hackers’ devices can operate far from the transaction site, bypassing existing security systems.

The anonymity and multi-location nature of Ghost Tap attacks make it difficult for financial institutions to respond swiftly. Additionally, these attacks can recruit numerous mules, further scaling the fraud operation.

How to Defend Against Ghost Tap Attacks

To mitigate the threat of Ghost Tap attacks, financial institutions, retailers, and users should implement the following measures:

  1. Enhance Anti-Fraud Systems
    Improve POS terminals and banking systems with time- and location-based detection features.
  2. User Education
    Raise awareness about malicious apps and phishing attacks. Encourage users to avoid downloading applications from untrusted sources.
  3. Multi-Layer Authentication
    Implement stricter identity verification for adding new payment devices or processing high-risk transactions.
  4. Real-Time Monitoring of NFC Traffic
    Identify and block abnormal NFC communication patterns.
  5. Temporarily Disable NFC Payment
    Since Ghost Tap relies on capturing and relaying NFC data, disabling NFC payment on your device can prevent attackers from accessing your information and executing fraudulent transactions.
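
The time- and location-based detection in measure 1, sketched from the issuer's side as an added example (not code from ThreatFabric or from this article): consecutive taps on the same payment token are flagged when the distance between the two merchant terminals implies a physically impossible travel speed, which works even when the phone itself reports no location. The token names, terminal IDs, coordinates and the 900 km/h and 50 km thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumed threshold: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0  # assumed: ignore hops between nearby terminals

@dataclass(frozen=True)
class Tap:
    token: str       # tokenized card on the wallet (placeholder values below)
    when: datetime   # authorization timestamp
    lat: float       # merchant terminal location, not phone location
    lon: float
    terminal: str

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(taps):
    """Return (prev_terminal, terminal, km, km/h) for consecutive taps on one
    token whose implied travel speed exceeds MAX_SPEED_KMH."""
    alerts, last = [], {}
    for tap in sorted(taps, key=lambda t: t.when):
        prev = last.get(tap.token)
        last[tap.token] = tap
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, tap.lat, tap.lon)
        hours = (tap.when - prev.when).total_seconds() / 3600
        speed = float("inf") if hours <= 0 else km / hours
        if km >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
            alerts.append((prev.terminal, tap.terminal, round(km), speed))
    return alerts

# Constructed sample data: not real transactions.
SAMPLE = [
    Tap("TOKEN-A", datetime(2024, 11, 20, 10, 0), 52.52, 13.405, "POS-BERLIN"),
    Tap("TOKEN-A", datetime(2024, 11, 20, 10, 12), 40.4168, -3.7038, "POS-MADRID"),
    Tap("TOKEN-B", datetime(2024, 11, 20, 9, 0), 48.8566, 2.3522, "POS-PARIS-1"),
    Tap("TOKEN-B", datetime(2024, 11, 20, 9, 30), 48.8606, 2.3376, "POS-PARIS-2"),
    Tap("TOKEN-A", datetime(2024, 11, 20, 10, 20), 52.2297, 21.0122, "POS-WARSAW"),
]

if __name__ == "__main__":
    for prev, cur, km, speed in impossible_travel(SAMPLE):
        print(f"ALERT {prev} -> {cur}: {km} km at {speed:.0f} km/h")
```

On the sample data TOKEN-A raises two alerts (Berlin to Madrid, then Madrid to Warsaw, minutes apart), while TOKEN-B's two taps in the same city raise none.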

Conclusion

Ghost Tap represents a new frontier in cybercrime, leveraging NFCGate technology and mobile payment services to enable rapid, anonymous global fraud. This sophisticated method poses a significant challenge to financial systems and highlights the need for enhanced collaboration to develop robust defense mechanisms and protect user funds.