NFC Relay Malware Surge Targeting European Payment Cards

First reported

30.10.2025 22:17

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A surge of NFC relay malware targeting payment cards has been observed in Eastern Europe. Over 760 malicious Android apps have been identified, exploiting Host Card Emulation (HCE) to steal contactless credit card data. The malware captures EMV fields, manipulates APDU commands, and enables unauthorized payments. The malware has evolved into multiple variants, including data harvesters, relay toolkits, and ghost-tap payments. It has spread across Poland, the Czech Republic, Russia, and Slovakia. The apps impersonate Google Pay and various financial institutions, with over 70 command-and-control servers and Telegram bots facilitating the attacks.

Timeline

30.10.2025 22:17 1 articles · 11d ago

NFC Relay Malware Surge in Eastern Europe
A massive surge of NFC relay malware has been observed in Eastern Europe, with over 760 malicious Android apps identified. The malware exploits Android's Host Card Emulation (HCE) to steal contactless payment data. The malware has evolved into multiple variants and has spread across Poland, the Czech Republic, Russia, and Slovakia. The apps impersonate Google Pay and various financial institutions, with over 70 command-and-control servers and Telegram bots facilitating the attacks.
Show sources

Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17
Open in new tab

Information Snippets

Over 760 malicious Android apps using NFC relay techniques have been discovered in Eastern Europe.
First reported: 30.10.2025 22:17

1 source, 1 article
Show sources
- Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17
The malware exploits Android's Host Card Emulation (HCE) to steal contactless payment data.
First reported: 30.10.2025 22:17

1 source, 1 article
Show sources
- Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17
The malware captures EMV fields and manipulates APDU commands to enable unauthorized payments.
First reported: 30.10.2025 22:17

1 source, 1 article
Show sources
- Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17
Multiple variants of the malware have been identified, including data harvesters, relay toolkits, and ghost-tap payments.
First reported: 30.10.2025 22:17

1 source, 1 article
Show sources
- Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17
The malware has spread across Poland, the Czech Republic, Russia, and Slovakia.
First reported: 30.10.2025 22:17

1 source, 1 article
Show sources
- Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17
The apps impersonate Google Pay and various financial institutions, including Santander Bank, VTB Bank, and ING Bank.
First reported: 30.10.2025 22:17

1 source, 1 article
Show sources
- Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17
Over 70 command-and-control servers and Telegram bots are supporting these campaigns.
First reported: 30.10.2025 22:17

1 source, 1 article
Show sources
- Massive surge of NFC relay malware steals Europeans’ credit cards — www.bleepingcomputer.com — 30.10.2025 22:17

Summary

Timeline

NFC Relay Malware Surge in Eastern Europe

Information Snippets