Czech Cybercriminals Unleash New NFC Payment Card Cloning Threat via Smartphones: What You Need to Know

Czech cybercriminals have developed a new, extremely effective way to attack payment cards, using victims’ smartphones. This method allows NFC data from physical payment cards to be cloned using the cardholder’s mobile phone.

As Telepolis reports, experts from ESET, a cybersecurity company, have published a comprehensive report about this new threat on the WeLiveSecurity website. The method of attack is as impressive as it is scary – our own phone, equipped with an NFC module, starts scanning the environment and transfers cloned card data directly into the hands of cybercriminals.

In addition, this method allows not only to receive payment card data, but also all types of contactless access cards. This means that criminals can not only empty our bank accounts, but also gain access to protected buildings, increasing the risk of burglaries.

The first attacks using this method were recorded in December 2023. Since March of this year, criminals have improved their tool by introducing the NGate application for Android, distributed in use of specially designed PWA websites using WebAPK. This modification allowed them to use victims’ phones to collect NFC data from payment cards, eliminating the need to use their own devices.

Surprisingly, to access the phone’s NFC module and turn it into a nearby card reader, the device did not need to be rooted. This greatly increases the risk level and requires an urgent security update on the Android system.

The attack starts with an SMS with false information about a possible tax refund. Clicking on the link will take the victim to a website pretending to be a banking website, where he or she will be asked to update the banking application. At the same time, criminals get access to the real application of the bank, which allows them to change the limits of the card and, therefore, the victim’s account is completely empty.

ESET experts recommend several measures, including checking the authenticity of websites, downloading apps only from official sources, protecting PIN codes, using security apps, turning off NFC when not in use, and use of RFID protection cases.

Although this threat is mainly related to the Czech Republic, experts warn that it could quickly spread to other countries, including Poland. So it’s worth increasing your vigilance now and following the recommendations of cybersecurity experts.

Editor-in-chief of the website. Graduate in Journalism and Political Science from the University of Warsaw.