A sharp rise in NFC-based cyberattacks is increasing fraud risks for banks, fintech firms, and payment providers, as cybercriminals exploit contactless payment technology to steal funds from Android users.
Cybersecurity firm Kaspersky said Wednesday NFC-related malware attacks surged 188 percent in the first four months of the year, with its security solutions blocking 35,600 attacks from January to April, up from more than 12,300 during the same period last year.
According to Kaspersky, attackers are increasingly shifting to so-called “reverse NFC” schemes, in which victims are manipulated into transferring money themselves through compromised smartphones.
“While previously attackers relied on ‘direct NFC’ scheme, now the ‘reverse NFC’ appears more common,” said Sergey Golovanov, chief security expert at Kaspersky.
“The danger of a newer, more sophisticated scheme is that this type of fraud is harder to detect and fight against, because victims themselves transfer money to the attackers’ accounts, and such transactions are hard to distinguish from legitimate ones.
We do not rule out that the NFC relay malware itself continues to evolve and geography of attacks will expand. That’s why this threat should be further closely monitored.”
Unlike traditional card fraud, reverse NFC attacks can bypass some conventional fraud controls because transactions appear to be initiated by legitimate account holders. Industry observers say this could complicate reimbursement disputes and increase operational costs for financial institutions.
While Russia remains the primary target market, Kaspersky said users in Europe and Latin America are also increasingly being affected, suggesting the threat is spreading globally.
The company also warned that NFC relay malware has evolved into a malware-as-a-service (MaaS) offering, making sophisticated attack tools more accessible to cybercriminal groups and potentially accelerating the spread of such attacks.
“The first publicly reported attacks that used a modified legitimate NFC tool occurred in late 2023. Those attacks were primarily detected in Europe. Then users from Russia and other regions faced similar mobile malware attacks.
Later, it became known that cybercriminals packaged NFC relay malware into a malware-as-a-service offering, potentially simplifying access to malicious tools for other attackers. NFC relay campaigns demonstrate how threat actors adapt and reuse new methods to steal users’ funds,” added Dmitry Kalinin, cybersecurity expert at Kaspersky.
