NFCShare Android Trojan: NFC card data theft via malicious APK
Essential information
- Published: 30/01/2026 08:18
- Modified: 30/01/2026 08:51
- Tags: 2026-01-30 android banking card theft data exfiltration nfc nfcshare phishing trojan websocket
- Related entities: 2 observables, 1 malware, 3 others
Description
A new Android trojan, named NFCShare, has been discovered targeting Deutsche Bank customers through a phishing campaign. Disguised as a banking app update, the malware prompts users to perform a fake card verification process. It exploits NFC technology to steal card data and PINs, which are then exfiltrated to a remote WebSocket endpoint. The trojan's distribution, user flow, and technical analysis are detailed, including its NFC reading capabilities and string obfuscation techniques. The malware shows ties to Chinese-linked tooling and similarities to other NFC-based threats. IOCs include hashes, package details, and network indicators.