BANK RAIDER

Horror Android and iPhone mistake lets ‘Ghost Tap’ crooks clone your card to go on spending sprees

Experts are concerned that the wide network of money mules globally can result in significant losses for victims

A NEW money scam targeting Android and iPhone owners can rinse victims bank accounts without needing their physical card or phone.

The attack, dubbed 'Ghost Tap', is cloning cards linked to Google Pay and Apple Pay, mobile security experts at Threat Fabric have warned.

Advertisement
Instead of making withdrawals from ATMs, Ghost Tap crooks can buy whatever they want from any card reader anywhere in the worldCredit: Getty
Experts are concerned that the wide network of money mules globally can result in significant losses for victimsCredit: Alamy

Cyber crooks are able to relay victims' card data to money mules worldwide, who can then withdraw cash without a credit card or device even going missing.

A similar strain of malicious software, known as malware, was detected last year.

This older malware, known as NGate and discovered by researchers at ESET, let criminals make small contactless payments and ATM withdrawals.

However, the recent Ghost Tap operation is even more dangerous and harder to detect, experts have warned.

Advertisement

Instead of making withdrawals from ATMs, Ghost Tap crooks can buy whatever they want from any card reader anywhere in the world.

Criminals do this first by stealing your card information and intercept one-time passwords needed for Google Pay and Apple Pay.

This is typically done through banking malware that lays on top of your legitimate banking or digital payment app.

One-time passwords can also be stolen through phishing scams or spyware.

Advertisement

Most read in Tech

DINO MIGHT
Horned dinosaur that roamed 95m years ago unearthed after fossils ruined
CHAT'S BAD!
Call pals to check SECRET WhatsApp code – it's bad news if yours doesn't match
PLUNGE INTO PAST
‘Once in a century’ Pompeii discovery as ancient SPA is saved from ashes
GOLDEN APPLE
Brits can finally use their AirPods as HEARING AIDS after major rule change

Your card details are then fired out to an extensive network of money mules.

AI scam-baiting GRANNY is taking dodgy calls so you don't have to - and wastes fraudsters' time by rambling about family

The mules use a relay server to transfer your payment information to their smartphone which can mimic your Google Pay or Apple Pay to purchase items with your hard-earned cash.

To evade tracking, crooks will put their device on "airplane mode".

Threat Fabric has seen this type of attack become much more common recently, the security firm told Bleeping Computer.

Advertisement

Security experts note that while your bank's anti-fraud mechanisms may catch out these rogue payments, smaller purchases may go under the radar.

"The new tactic for cash-outs poses a challenge for financial organisations," ThreatFabric wrote.

"The ability of cybercriminals to scale the fraudulent offline purchases, making multiple small payments in different places, might not trigger the anti-fraud mechanisms and might allow cybercriminals to successfully buy goods that can be further re-sold (like gift cards)."

Yet, even small payments add up.

Advertisement

Experts are concerned that the wide network of money mules globally can result in significant losses for victims.

However, if payments are made that should not be physically possible - such as, purchases made in New York and Amsterdam within 10 minutes of each other - the bank should be able to detect that as fraud.

Topics
Advertisement
machibet777.com