2026-01-07 Ghost Tapped Tracking the Rise of Chinese Tap-to-pay Android Malware| Threat Intelligence Malaysia

📃Title: Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware
📅Date: 2026-01-07
🔗References:

🔖Rectifyq Taxonomies:

relevancy: 🔴 Highly Relevant
category: ⚔Threat
sub-category: campaign-analysis
target: broad-based
MY-relevancy: relevant
topic: mobile-attack

🔖MISP Galaxies:

producer= Group-IB
financial-fraud=“Fake App”
financial-fraud=“Vishing”
financial-fraud=“Smishing”
financial-fraud=“Phishing”
financial-fraud=“Money Mules”
financial-fraud=“CNP – Card Not Present”
financial-fraud=“Malware”
financial-fraud=“Compromised Payment Cards”
target-information=“Greece”
target-information=“Indonesia”
target-information=“Jordan”
target-information=“Malaysia”
target-information=“Turkey”
target-information=“Uzbekistan”
country=“china”
country=“malaysia”
online-service=“b0c71d51-34fd-47b5-9eb4-dd406ffc607f”
mitre-attack-pattern=[]

MISP event uuid: 284a5040-9bea-495a-9465-2080e97f08df

Indicator of Compromise (IoCs)

type,value,comment
md5, 38c559a701a15da5512c720f047b23a6, ''
md5, 12521a556512e0ce26249a1fdf466075, ''
md5, 0823f249e7a1fa3005dd51abdf1a247e, ''
md5, 978b6a611488de8b9c22546300c92cb8, ''
md5, c673271d4912aae21546b76a2cab8fbd, ''
md5, 6a572f343635e7a26445c72b55a4d9f1, ''
md5, 05f7edd9dab87a1d44cf5472647dea83, ''
md5, 49cfbd21c8f9a985ddea15c47bb267e4, ''
md5, f317a2c35a424f4bf7e3a177bd795487, ''
md5, c9fdbd1ea154a47dac277764ee11c82f, ''
md5, 389ac47a928a625b0cea82fadc138b44, ''
md5, 80128a8e5e9e42db727848ef8d9c9024, ''
md5, 4d4bde78de99e228dfd871e57f72c4b3, ''
md5, 283b3a71d1bace45dce1cbed812cbd55, ''
md5, b284adf3760bfcd792f5b1edcdc3f784, ''
md5, bccb8dbce033d5db7c25411d852692cc, ''
md5, 28029b63be994adf7c2b24de9a0010ac, ''
md5, 45adbdf187bb7d19088a5de8f43444a6, ''
md5, 472ed74ab3454f6571f4f9889f9d5b86, ''
md5, e1d3ccdf0caea2775f2602342b7fe7d9, ''
md5, 6295e7bc410db98baa395d21b0bd56d6, ''
md5, db877081bec683fd1d624aadbf50e660, ''
sha256, 30cc52d1e1e3c544e186d2166f870cedb1e3f9472f6d7aad0fea0cf2d7040347, 'No sample in VT\r\nLast check:26/01/2026'
sha1, cabbb00f66713caf38412fb330e75456a68d0d8c, 'No sample in VT\r\nLast check:26/01/2026'
md5, 1824d0a6a37fb08d35f2463cc413adac, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 04eed57320f2d1ff8924cd62a211f63895d8b5d53ae0b38502197335207e26a6, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 5e69f16d7b3015cf50b81d3985b524e2472a92d9, 'No sample in VT\r\nLast check:26/01/2026'
md5, f390b92a5162d0576606acb966375dd1, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 9c2ab621533f49dd833acf1df253371ceb5b533cfc7e6f44667c2a8641e86ce6, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 291e10b261ff36962b3cf6e9ffeba4830dc558df, 'No sample in VT\r\nLast check:26/01/2026'
md5, 8fec4fd0542d43db5ef44e220863f4e1, 'No sample in VT\r\nLast check:26/01/2026'
sha256, dbb178a385680a20afc59048b396d30e745e5bac1ff1163d0a3c713c06fc89ea, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 17bd829ca6901e8bc228f5020aefac2f89d64e8f, 'No sample in VT\r\nLast check:26/01/2026'
md5, 65a7a66871619313853102fe42f8ea29, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 7eab00634a6b9f1866f2e74987d7f619215a45e34a421e7746e3c49ee148874e, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 725996ab655389bcd6b37d5f86b17859b4167f18, 'No sample in VT\r\nLast check:26/01/2026'
md5, 96345d5bd63db21739db999d6f3dd28a, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 75aa5849eea643aad1f9a485dbf9898511395ab19bde6214002fac5447be8277, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 40b94a2f7aaa7bd0299df832d1aae45d5a262bbd, 'No sample in VT\r\nLast check:26/01/2026'
md5, 2f59040e763a1556259a1929759bd695, 'No sample in VT\r\nLast check:26/01/2026'
sha256, c536c337a2a6eefb82e0459ea207dbc5fc584826294be5f2e6020fa54451166e, 'No sample in VT\r\nLast check:26/01/2026'
sha1, a3b66875129c9602c5b0764e67fbfb4e1d83b3f8, 'No sample in VT\r\nLast check:26/01/2026'
md5, 921cc0aeccfc1a6de065055d21b6b8a7, 'No sample in VT\r\nLast check:26/01/2026'
sha256, b9123df13d9862a618dd3007b1eedc558dd68ccf983025fcad21bf536c8d30ba, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 6a5d16ed45c7d82d2370deb79e2a622d7bfa5810, 'No sample in VT\r\nLast check:26/01/2026'
md5, e1a3d35d298f75a6be3433d8237d9219, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 943cc42b546e35b7a9f3c72c55e5cc0a8ea4593877d7aabc2f461595d43d6728, 'No sample in VT\r\nLast check:26/01/2026'
sha1, e8075eff6efc16cf12b8b4d4334a2c7c83003e28, 'No sample in VT\r\nLast check:26/01/2026'
md5, 4e57c1e8f07a2187224f00abf7b8fce0, 'No sample in VT\r\nLast check:26/01/2026'
sha256, d9ead920368b2f7a1c60e104ba0314fe5c8691da2525e5d776587df138558aeb, 'No sample in VT\r\nLast check:26/01/2026'
sha1, d562058c5e0fdbac9daecbc1df72daa34dcbb271, 'No sample in VT\r\nLast check:26/01/2026'
md5, 58244d7a24eb067628460a69d978e64f, 'No sample in VT\r\nLast check:26/01/2026'
sha256, d8c35d8491c858d171175d2d478806c1a53478316e85b8f814e79e502b3015dd, 'No sample in VT\r\nLast check:26/01/2026'
sha1, c26641321b6488de852ec26996fd067a97798ea1, 'No sample in VT\r\nLast check:26/01/2026'
md5, bbaf80ab7933ad19e55442e3ae8173dd, 'No sample in VT\r\nLast check:26/01/2026'
sha256, c0814d74914ba22ccf3e1d268cf3e24e8f496cac38497b08756573f979494de0, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 7452cec6b191fc6597c33aede946e2c3327319b1, 'No sample in VT\r\nLast check:26/01/2026'
md5, 3dd93ca08bfa1bc25f0e5c66cd8cd4bc, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 365af25a835580b170239e630edd3ab014269d35cd738d94a6fbfdafb931b491, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 66f2f6ce0535f51a2b19acd2933c9a3f67608ea8, 'No sample in VT\r\nLast check:26/01/2026'
md5, 35dd14589f7b11ece671377f1c5836d6, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 2883604a5d6b5664ee314437ffd57145826668cb81db0641b1f3917ac1d55d1e, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 539f3c45556c4c06080f112c772b965ccc09a175, 'No sample in VT\r\nLast check:26/01/2026'
md5, 2d91d95476d7392bdcbd4cf3b520b46c, 'No sample in VT\r\nLast check:26/01/2026'
sha256, d88f10e2ac0d73f9bb0d6fa5acc6c85c34459ab76c7a1b78dc22d00ad4547c2f, 'No sample in VT\r\nLast check:26/01/2026'
sha1, c7454940a07b0beab94138fd2a3c8bb50134bcab, 'No sample in VT\r\nLast check:26/01/2026'
md5, 4f6fd902f7bfbf242bd9ed73dcc0c400, 'No sample in VT\r\nLast check:26/01/2026'
sha256, a04ce09802ba6e45d26179dbd3d2d114af7c8d19110b43dd06f49b563e3829d9, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 58fe37d630e5b471edc77a6d74d35c9c5185280d, 'No sample in VT\r\nLast check:26/01/2026'
md5, e8f512d7893b00dca9fa8577435a2da5, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 2ff79fa1317a04f52d16b09dd8ca9a863cf176bf11410721a8592e1ebff598cf, 'No sample in VT\r\nLast check:26/01/2026'
sha1, e21352b054b4b50a844db4dffcb6290b13a5c9ce, 'No sample in VT\r\nLast check:26/01/2026'
md5, 2c824e96e434646aa383afddc11f0562, 'No sample in VT\r\nLast check:26/01/2026'
sha256, e44a30abf87f1b4403a7342c1447232d547bcf941ca001623802cd0d14f4d576, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 83d013d40de7411495e6cffbd54f341461cf5e06, 'No sample in VT\r\nLast check:26/01/2026'
md5, 58fedd5ade8b7c1417c2bfb2aa0815df, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 9624fad943b1fc73d25c583f9bd9985d15e62cfe4a3db150f4f24b0cf48e52f1, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 6da3b5be62bee006ce6476ecb173f297f5a3e045, 'No sample in VT\r\nLast check:26/01/2026'
md5, 12b7c73ede31313bf7459867a1f292aa, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 966007f0de4be060426050a2176561ee299e2f9bf6e718c3de8ce27e14943783, 'No sample in VT\r\nLast check:26/01/2026'
sha1, c7d487bd0fcb4282e0ceb51ccf58d4dac9163dbf, 'No sample in VT\r\nLast check:26/01/2026'
md5, a4c529428b2a83a0a2ce95b04787d191, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 9e5031688b1b0ee32ddb851e64c33bab6142cab51b27230e5bcf633467d90b10, 'No sample in VT\r\nLast check:26/01/2026'
sha1, fea12fa7ed1b0889f473835109be9685055bd183, 'No sample in VT\r\nLast check:26/01/2026'
md5, 5e43e0750854baea6dcc22d7ba546435, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 3888e1394a803dc5ecdc3717298cee5037bcab98888538f2d051b90d7237e89e, 'No sample in VT\r\nLast check:26/01/2026'
sha1, e050dec14c6f7e7b203f8271a549a2daa5813520, 'No sample in VT\r\nLast check:26/01/2026'
md5, da22525907c121d585a2c65a2d78524d, 'No sample in VT\r\nLast check:26/01/2026'
sha256, abecec0988075e28dfb2fb14aa8ccd721935d0e3371f6ddaf9ab2407d927153f, 'No sample in VT\r\nLast check:26/01/2026'
sha1, f8d9056c399aeccbd354e6f0a3b2eb3950c13c89, 'No sample in VT\r\nLast check:26/01/2026'
md5, e2ae7548c6053d308357d73da4299757, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 4495b3fd162b5df16921f1114f4d85f38dd7ba4644a19d681c40fefebb597efb, 'No sample in VT\r\nLast check:26/01/2026'
sha1, e7fd43143fba664ff079c129bd9da7a62ca173e7, 'No sample in VT\r\nLast check:26/01/2026'
md5, 3a22cf5cebbfe2094fed3b01c91f518f, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 9a9631ab469600514fd0bd30fe34a6daf90ca58bcf5bde5a872218422aeea7c6, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 35acd14621e34e179f3d88dc3eae83e544a49942, 'No sample in VT\r\nLast check:26/01/2026'
md5, f771774e06676209a2546e6967d3cba2, 'No sample in VT\r\nLast check:26/01/2026'
sha256, b5e7b5c93500051787a9f3ee43ba47404ee762ef2477de7db4c74204278d2e05, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 7e9bea5a8251e9b45ff5590161829a2a85e89851, 'No sample in VT\r\nLast check:26/01/2026'
md5, 142818af6913b5bdb9bff3079b54ef86, 'No sample in VT\r\nLast check:26/01/2026'
sha256, fc2c8cd05ef53d21b1c64dd9f9b826e996a2a2931b5d1f7a00d210a40d48deac, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 78d1380ef34e93ea0e3d8d9355c8cad90fc01aa0, 'No sample in VT\r\nLast check:26/01/2026'
md5, 5f11bb9e5e2be2a1c8243777a192c95f, 'No sample in VT\r\nLast check:26/01/2026'
sha256, c1a6a6e6b80b5bcdd71ba3a9abbac789a32aa9a727a2cb4777fddf9055ea6869, 'No sample in VT\r\nLast check:26/01/2026'
sha1, b787f9a84151caf4a7f727a292216f3674c8662a, 'No sample in VT\r\nLast check:26/01/2026'
md5, 49f91198715119d68f2f5da98b77cfa9, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 2149d796535e0eb084820976a6c7a036786760adfc14332632dc0f2ee020ee5b, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 481d3831de6d7a34669b56ec222fd91bbda69376, 'No sample in VT\r\nLast check:26/01/2026'
md5, 68bdf29eea8b4270c10b880d34e57024, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 282156d15c07da7aecf15fb7d1744a1283e8a3f5bb055815ba8108ede0ace588, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 12b9fe55cd97aab0e41066c7b29dad5c123da620, 'No sample in VT\r\nLast check:26/01/2026'
md5, 7ffe4a86e435275af888c0c7c2512033, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 8635a715da2430542c7cb90e94b3c1fe0f95dcd8c7ed837d0fa4a4ce643db6c7, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 9cc7247ea2d494f1dd36fd9fd4a61500a9731833, 'No sample in VT\r\nLast check:26/01/2026'
md5, 0b74b909adfadbb90808352a3c694b9c, 'No sample in VT\r\nLast check:26/01/2026'
sha256, 28eeb9e47996434c07e84b733931f2b801cda21032e9af5d25f170454339f479, 'No sample in VT\r\nLast check:26/01/2026'
sha1, 748d6df07c7287090e286da68906908443bd5221, 'No sample in VT\r\nLast check:26/01/2026'
md5, cba9544d540ebb5d86907645f376f86c, 'No sample in VT\r\nLast check:26/01/2026'
hostname, nfc.rc8820.com, ''
domain, xxnfc.com, ''
domain, txnfc.com, ''
hostname, apk.nfu20251021.win, ''
hostname, app.nfu1010.com, ''

Full IOCs available in Rectifyq’s MISP

Rectifyq

Explorer

2026-01-07 Ghost Tapped Tracking the Rise of Chinese Tap-to-pay Android Malware

Indicator of Compromise (IoCs)

🔴 Latest Relevant 🇲🇾 Threat Articles

2026-04-30 Inside Shadow-Earth-053 A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

2026-04-29 Phoenix Rising Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns

2026-04-21 GhostCargo, a 5-years campaign

Graph View