Android users are facing an escalating threat from malicious software designed to steal their payment card information through tap-to-pay systems. Reports indicate that U.S. law enforcement is already making arrests and issuing warnings to banks regarding this sophisticated malware, which deceives users into tapping their physical cards on compromised devices.
According to cybersecurity firm D3Lab, there has been a recent surge of attacks predominantly aimed at users of Italian and other European financial institutions. Criminals commonly lure users with urgent notifications claiming that their banking application needs an update, which leads them to download dangerous malware.
How the Malware Operates
Once installed, the malware displays a counterfeit verification screen, instructing users to hold their genuine payment cards near their phones. It then captures sensitive card details, including the PIN, and transmits this stolen data directly to the cybercriminals.
Continuously Evolving Tactics
The attackers are constantly evolving their tactics to remain undetected. They frequently change the fraudulent websites they use, rotate the banking names they impersonate, and utilize new hosting methods that complicate efforts by authorities to shut them down. This adaptability is partially due to Android apps having broader access to the NFC chip compared to iPhones, where Apple imposes tight restrictions on what third-party apps can do with this technology.
In this latest wave of attacks, D3Lab notes that harmful files are being stored and regularly updated on GitHub, a widely used platform for software developers. Cybercriminals often push out new versions of the malware using various bank names and clever technical strategies to evade blocking attempts.
This relentless adaptation allows the same method of card theft to keep targeting Android users, despite the security measures in place.


