Cybersecurity experts at “ThreatFabric” have detected a new cyberattack called “Ghost Tap,” which targets bank cards linked to digital payment services such as Apple Pay and Google Pay, according to a report by The Sun.
An Evolution in Cyberattacks
Last year, researchers at “ESET” uncovered a similar attack known as “NGate,” which allowed cybercriminals to make small payments and withdraw cash from ATMs. However, “ThreatFabric” warns that the newer “Ghost Tap” attacks are far more dangerous and harder to detect, posing a greater threat.
How Does “Ghost Tap” Work?
This attack directly targets bank cards, enabling hackers to purchase anything from any card reader worldwide instead of just withdrawing money from ATMs.
To execute the attack, hackers require:
- Stealing card information: This is often achieved using malware that targets banking or digital payment applications.
- Obtaining the one-time password: This is typically stolen through phishing or spyware.
Once the information is collected, the details are sent to a network of specialists in transferring money.
The Method for Money Transfer
Hackers rely on encrypted intermediary servers to transfer payment data to their smartphones. These devices can simulate Apple Pay and Google Pay services, allowing them to make purchases without detection. To further complicate tracking, the devices are placed in airplane mode.
Challenges for Financial Institutions
“ThreatFabric” reported to Bleeping Computer that there has been a significant increase in these types of attacks recently. While bank fraud detection systems may identify some fraudulent transactions, small transactions often go unnoticed.
The company noted that the ability to make offline fraudulent payments by conducting multiple small purchases at different locations presents a significant challenge. Hackers can buy goods and resell them to launder money illegally.
A Growing Global Risk
Experts warn that the expansion of this global network of money transfer specialists could lead to significant financial losses for users. They urge financial institutions to urgently develop effective solutions to combat these attacks.
A Warning to Users
Users should exercise caution when using digital payment applications, keep their devices updated, and avoid sharing their banking information with suspicious parties.
