Thursday, August 28, 2025
HomeNewsNew Cybercrime Technique “Ghost-Tapping” Targets Mobile Wallets by Paige Henley

New Cybercrime Technique “Ghost-Tapping” Targets Mobile Wallets by Paige Henley


Paige Henley

Published on: August 21, 2025
Editor

A new cybercriminal scheme called “ghost-tapping” has emerged as a serious threat to contactless payments, enabling criminals to exploit stolen card details linked to services like Apple Pay and Google Pay.

The technique uses Near Field Communication (NFC) relay tactics to commit retail fraud, transforming stolen digital credentials into physical goods through a global network of mules and automated systems.

Analysts at Recorded Future describe it as a dangerous mix of old phishing tricks and new relay technology. “This represents a full end-to-end fraud operation, spanning multiple countries and criminal roles,” they said.

Unlike typical card fraud, which often stays online, ghost-tapping lets criminals make in-person purchases. “That makes detection much harder for traditional fraud monitoring systems,” analysts noted.

Recent reports from Singapore highlight the scale of the threat. Authorities recorded 656 cases of compromised cards tied to mobile wallets between October and December 2024, with losses topping $1.2 million SGD. At least 502 of those involved Apple Pay, showing how widely criminals are exploiting popular platforms.

Threat actors are advertising openly, too. Recorded Future identified a user called @webu8 on Telegram offering burner phones preloaded with stolen credentials. These devices sell for around $500 USDT when packed with ten compromised cards.

The attacks rely on tools such as NFCGate, originally built for legitimate testing but repurposed by criminals. Two phones running the app can relay stolen card data across locations in real-time, allowing a mule at a checkout terminal to process transactions as if the cardholder were present.

With operations traced to Cambodia and China, the scheme is already international. Analysts warn that ghost-tapping could outpace current fraud defenses. As they put it, “Even measures like multi-factor authentication can be bypassed when attackers already have full access to victims’ credentials.”

RELATED ARTICLES

Most Popular

Dominic
32236 POSTS0 COMMENTS
Milvus
80 POSTS0 COMMENTS
Nango Kala
6609 POSTS0 COMMENTS
Nicole Veronica
11779 POSTS0 COMMENTS
Nokonwaba Nkukhwana
11828 POSTS0 COMMENTS
Shaida Kate Naidoo
6719 POSTS0 COMMENTS
Ted Musemwa
7002 POSTS0 COMMENTS
Thapelo Manthata
6678 POSTS0 COMMENTS
Umr Jansen
6690 POSTS0 COMMENTS