Close Menu
The CISO Brief
  • Home
  • Cyberattacks
    • Ransomware
    • Cybercrime
    • Data Breach
  • Emerging Tech
  • Threat Intelligence
    • Vulnerabilities
    • Cyber Risk
  • Expert Insights
  • Careers and Learning
  • Compliance

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Serial Hacker Who Targeted 3,000 Sites Gets 20 Months in Prison

August 18, 2025

Ghost Tapping Attacks: Stealing Card Info from Apple Pay & Google Pay

August 18, 2025

New 5G Attack Bypasses Malicious Base Stations

August 18, 2025
Facebook X (Twitter) Instagram
The CISO Brief
  • Home
  • Cyberattacks
    • Ransomware
    • Cybercrime
    • Data Breach
  • Emerging Tech
  • Threat Intelligence
    • Vulnerabilities
    • Cyber Risk
  • Expert Insights
  • Careers and Learning
  • Compliance
The CISO Brief
Home » Ghost Tapping Attacks: Stealing Card Info from Apple Pay & Google Pay
Cyberattacks

Ghost Tapping Attacks: Stealing Card Info from Apple Pay & Google Pay

Staff WriterBy Staff WriterAugust 18, 2025No Comments4 Mins Read0 Views
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest WhatsApp Email

Quick Takeaways

  1. Ghost-tapping is a sophisticated cybercriminal technique that exploits NFC relay technology to enable in-person retail fraud, bypassing traditional detection methods.
  2. The operation involves automated harvesting of payment card data via phishing and malware, which is then loaded onto burner phones and relayed to payment terminals in real-time using NFCGate tools.
  3. Threat actors operate across Southeast Asia, specifically Cambodia and China, selling loaded burner phones and offering services to a global network, complicating law enforcement efforts.
  4. The method exploits legitimate NFC protocols, allowing criminals to carry out large-scale, cross-border fraud that targets popular mobile wallets like Apple Pay with increasing success.

Problem Explained

A new, highly sophisticated cybercrime technique called “ghost-tapping” has recently emerged as a major threat to contactless payment systems, specifically targeting mobile wallets like Apple Pay and Google Pay. Using advanced Near Field Communication (NFC) relay technology combined with traditional phishing and malware attacks, Chinese-speaking criminal groups are able to steal payment card information, load it onto burner phones, and then perform in-person fraudulent purchases at retail stores worldwide. This operation involves multiple roles within a criminal network, from selling compromised devices loaded with stolen data to executing real-time relay attacks that allow illicit transactions without physical contact, effectively bypassing traditional security measures. Recent reports from Singapore highlight the scale of this threat, with over 650 compromised cards involved and losses exceeding $1.2 million SGD, emphasizing the global reach and resilience of these organizations. Law enforcement agencies and cybersecurity experts have traced these operations to regions like Cambodia and China, revealing a complex, cross-border infrastructure that makes combating ghost-tapping particularly challenging due to its automation, use of relayed NFC signals, and the exploitation of banking vulnerabilities.

Risk Summary

The emergence of “ghost-tapping,” a highly sophisticated cybercriminal technique, dramatically amplifies the threat landscape for contactless payment systems by exploiting NFC relay technology to conduct in-person retail fraud across borders. This method involves stolen payment credentials—particularly from mobile wallets like Apple Pay and Google Pay—processed through automated systems and specialized tools such as NFCGate, which relay tokenized card data from compromised devices to payment terminals in real time, bypassing physical proximity and traditional security measures. Criminal operations span multiple countries, notably Southeast Asia, leveraging mule networks, burner phones, and automated workflows to add stolen cards seamlessly and execute large-scale fraudulent transactions, resulting in significant financial losses—as evidenced by over $1.2 million SGD lost in Singapore alone within a recent three-month period. These attacks not only evade conventional detection strategies by mimicking legitimate NFC communication but also exploit gaps in banking security protocols, making them difficult to detect and prevent. The global sociotechnical infrastructure supporting ghost-tapping, combined with its ability to bypass multi-factor authentication and other security controls, underscores a growing, resilient menace that challenges law enforcement and financial institutions worldwide, threatening the integrity of the contactless payment ecosystem and emphasizing the urgent need for advanced detection and response capabilities.

Fix & Mitigation

In the rapidly evolving landscape of cyber threats, addressing new ghost-tapping attacks promptly is crucial to defending consumers and maintaining trust in digital payment services.

Immediate Detection
Implement advanced monitoring systems to identify suspicious activity linked to card services like Apple Pay and Google Pay.

User Alerts
Notify affected customers immediately when unusual transactions are detected to enable quick action.

Account Freeze
Temporarily suspend compromised accounts to prevent further unauthorized access.

Enhanced Authentication
Require multi-factor authentication for all transactions linked to digital wallets to strengthen security.

Security Patches
Regularly update and patch payment platforms to fix vulnerabilities exploitable by attackers.

Collaborate with Authorities
Work alongside law enforcement agencies to investigate and dismantle ghost-tapping operations.

Customer Education
Inform users about safe practices and how to recognize potential fraudulent activity to empower proactive defense.

Network Security
Fortify network defenses with encryption, intrusion detection systems, and secure communication protocols.

Vendor Coordination
Engage with payment service providers to ensure comprehensive security measures are in place and swiftly updated against emerging threats.

Explore More Security Insights

Discover cutting-edge developments in Emerging Tech and industry Insights.

Understand foundational security frameworks via NIST CSF on Wikipedia.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

CISO Update Cybersecurity MX1
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleNew 5G Attack Bypasses Malicious Base Stations
Next Article Serial Hacker Who Targeted 3,000 Sites Gets 20 Months in Prison
Avatar photo
Staff Writer
  • Website

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Serial Hacker Who Targeted 3,000 Sites Gets 20 Months in Prison

August 18, 2025

New 5G Attack Bypasses Malicious Base Stations

August 18, 2025

Exploit Unveiled: Windows Vulnerability Sparks PipeMagic RansomExx Attacks

August 18, 2025

Comments are closed.

Latest Posts

Serial Hacker Who Targeted 3,000 Sites Gets 20 Months in Prison

August 18, 20250 Views

Ghost Tapping Attacks: Stealing Card Info from Apple Pay & Google Pay

August 18, 20250 Views

New 5G Attack Bypasses Malicious Base Stations

August 18, 20250 Views

Exploit Unveiled: Windows Vulnerability Sparks PipeMagic RansomExx Attacks

August 18, 20250 Views
Don't Miss

Big Risks for Malicious Code, Vulns

By Staff WriterFebruary 14, 2025

Attackers are finding more and more ways to post malicious projects to Hugging Face and…

North Korea’s Kimsuky Attacks Rivals’ Trusted Platforms

February 19, 2025

Deepwatch Acquires Dassana to Boost Cyber Resilience With AI

February 18, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

About Us
About Us

Welcome to The CISO Brief, your trusted source for the latest news, expert insights, and developments in the cybersecurity world.

In today’s rapidly evolving digital landscape, staying informed about cyber threats, innovations, and industry trends is critical for professionals and organizations alike. At The CISO Brief, we are committed to providing timely, accurate, and insightful content that helps security leaders navigate the complexities of cybersecurity.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Serial Hacker Who Targeted 3,000 Sites Gets 20 Months in Prison

August 18, 2025

Ghost Tapping Attacks: Stealing Card Info from Apple Pay & Google Pay

August 18, 2025

New 5G Attack Bypasses Malicious Base Stations

August 18, 2025
Most Popular

Designing and Building Defenses for the Future

February 13, 202516 Views

United Natural Foods Faces Cyberattack Disruption

June 10, 20257 Views

VanHelsing Ransomware Builder Leaked: New Threat Emerges!

May 20, 20255 Views
© 2025 thecisobrief. Designed by thecisobrief.
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions

Type above and press Enter to search. Press Esc to cancel.