📃Title: NFC Fraud Wave: Evolution of Ghost Tap on the Dark Web
📅Date: 2025-04-22
🔗References:

Description

Chinese cybercriminals are exploiting NFC technologies for fraudulent purposes, targeting financial institutions and consumers worldwide. They use sophisticated tools like Z-NFC and King NFC to facilitate illegal transactions at scale. The fraudsters leverage Host Card Emulation (HCE) to mimic physical NFC smart cards and create ‘farms’ of mobile devices to automate fraud. They target countries including the US, UK, EU, Australia, Canada, and others. The criminals also abuse NFC-enabled POS terminals and exploit loyalty points programs. This growing threat has led to significant financial losses and poses serious risks to payment security and digital identity systems globally.

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information="United States"
  • target-information="Australia"
  • target-information="Canada"
  • target-information="China"
  • target-information="Japan"
  • target-information="Malaysia"
  • target-information="New Zealand"
  • target-information="Philippines"
  • target-information="Saudi Arabia"
  • target-information="Taiwan"
  • target-information="United Arab Emirates"
  • target-information="United Kingdom"
  • financial-fraud="ATM skimming"
  • financial-fraud="CNP – Card Not Present"
  • financial-fraud="Compromised Account Credentials"
  • financial-fraud="Compromised Payment Cards"
  • mitre-attack-pattern=['T1557', 'T1204.002', 'T1553.002', 'T1555', 'T1528', 'T1547.001', 'T1588.002', 'T1059.004', 'T1027', 'T1027.002']

MISP event uuid: 009411a0-9eda-4385-bee0-d08e40a9d1ce

Indicators of Compromise (IoCs)

type,value,comment
url, https://znfcqwe.top/, ''
domain, znfcqwe.top, ''

Full IOCs available in Rectifyq's MISP