PhantomCard: New NFC-driven Android malware emerging in Brazil
Essential information
- Published
- 14/08/2025 15:15
- Modified
- 14/08/2025 15:32
- Tags
- 2025-08-14 android trojan banking fraud brazil btmob card protection ghostspy malware-as-a-service nfc relay phantomcard
- Related entities
- 2 observables, 1 intrusion sets (apt), 3 malware, 2 others
Description
A new Android Trojan called PhantomCard is targeting banking customers in Brazil, with potential for global expansion. The malware relays NFC data from victims' banking cards to fraudsters' devices, enabling unauthorized transactions. Distributed through fake 'Google Play' pages as a 'card protection' app, PhantomCard is based on a Chinese-originating NFC relay Malware-as-a-Service. The actor behind it is a known reseller of Android threats in Brazil. PhantomCard's emergence highlights the growing popularity of NFC-based attacks among cybercriminals and the evolving threat landscape, where local threats can reach global markets through reselling schemes.