Surge in Android Malware Exploiting Device Features for Financial Theft
A new Android malicious software called PhantomCard is targeting bank customers in Brazil by stealing credit and debit card data using NFC (near-field communication). The malware copies card info from a victim’s phone and sends it to criminals, who can then make fake payments.
PhantomCard spreads through fake Google Play pages offering a “card protection” app called Proteção Cartões, tricking users with fake positive reviews. When users install it and place their card near the phone, the app steals card details and PINs and sends them to attackers.
This malware allows criminals to use the victim’s card remotely, making transactions at nearby payment terminals or ATMs. It’s linked to a Chinese group selling similar malware services on Telegram.
Similar NFC-based fraud is growing in other countries, including the Philippines and India, where fake banking apps and malware spread through WhatsApp and phishing sites. These apps steal sensitive info and sometimes run hidden cryptocurrency miners.
Google says no apps with this malware are on the official Play Store, and Android devices have built-in protection through Google Play Protect.
Recommendations to Stay Safe:
- Only download apps from official app stores like Google Play.
- Be cautious of apps asking for sensitive info or NFC card scans.
- Avoid clicking on links from unknown texts or messages.
- Enable Google Play Protect and keep your phone updated.
- Use strong, unique PINs and avoid sharing them.
- Monitor your bank accounts regularly for suspicious activity.
- Install a trusted mobile security app for extra protection.
- Avoid rooting your Android device unless absolutely necessary.
- Do not install apps outside trusted sources or click on suspicious ads.
Source: https://thehackernews.com/2025/08/new-android-malware-wave-hits-banking.html