216.73.217.50

PhantomCard: New NFC-driven Android malware emerging in Brazil

· Published 14/08/2025 15:15 · Modified 14/08/2025 15:32

Export JSON

Essential information

Published
14/08/2025 15:15
Modified
14/08/2025 15:32
Tags
2025-08-14 android trojan banking fraud brazil btmob card protection ghostspy malware-as-a-service nfc relay phantomcard
Related entities
2 observables, 1 intrusion sets (apt), 3 malware, 2 others

Description

A new called is targeting banking customers in , with potential for global expansion. The malware relays NFC data from victims' banking cards to fraudsters' devices, enabling unauthorized transactions. Distributed through fake 'Google Play' pages as a '' app, is based on a Chinese-originating . The actor behind it is a known reseller of Android threats in . 's emergence highlights the growing popularity of NFC-based attacks among cybercriminals and the evolving threat landscape, where local threats can reach global markets through reselling schemes.

External references