Islamabad (GNP): Cybersecurity firm Kaspersky has recorded a dramatic rise in NFC-based attacks targeting Android smartphones, with its telemetry data revealing that such incidents increased by 188% in the first four months of 2026 compared to the corresponding period in 2025.
Between January and April 2026, Kaspersky’s security solutions intercepted approximately 35,600 attacks involving Android malware families that exploit near-field communication technology — including SuperCard X, PhantomCard, NGate, and various malicious adaptations of the NFCGate tool. This marks a sharp increase from the 12,300 attacks recorded during the same period last year, signaling a significant escalation in the scale and sophistication of mobile financial fraud.
Researchers have identified two distinct attack methods currently in circulation. The first, known as Direct NFC, involves criminals approaching potential victims through messaging platforms and impersonating legitimate financial institutions or identity verification services. Victims are manipulated into installing what appears to be a genuine banking application, then instructed to place their payment card against the back of their phone and enter their PIN.
This allows attackers to silently capture card data and use it for unauthorized transactions. The second method, Reverse NFC, takes a notably different approach, fraudsters convince users to install a rogue application and designate it as their default contactless payment method. The application then generates an NFC signal that mimics the attacker’s card credentials at ATMs, while victims are socially engineered into depositing funds into what they are told is a secure account. The deposited money goes directly to the criminals.
Sergey Golovanov, Chief Security Expert at Kaspersky, noted that the balance between these two methods has shifted considerably. While Direct NFC attacks were historically more prevalent, Reverse NFC has now become the dominant approach.
Also Read: Pakistan EPS Adopts Tablet-Based Korean Language Test
He warned that this newer method presents a considerably greater challenge for detection, since the transactions it produces are initiated by the victims themselves and are therefore difficult to distinguish from routine banking activity. Golovanov cautioned that NFC relay malware is likely to continue evolving in capability and that its geographic reach may broaden further, making sustained monitoring of this threat category essential.
Commenting on the broader implications, cybersecurity expert and ITSOLERA founder Dr. Hafeez Ur Rehman highlighted the particular relevance of this threat for Pakistan, where contactless payment adoption is growing steadily. He stressed that users must exercise caution when installing applications or responding to unsolicited requests involving banking credentials, and called for coordinated efforts among financial institutions, technology companies, regulators, and cybersecurity professionals to build stronger defenses against increasingly sophisticated mobile fraud.
To reduce exposure to NFC relay attacks and related threats, Kaspersky advises users to download applications exclusively from official app stores and avoid installing software shared through messaging platforms, social media, SMS, or phone calls. Users should also be wary of any instructions received from unknown individuals at ATMs, regardless of how the request is framed. Installing a trusted mobile security solution on Android devices is strongly recommended to guard against phishing attempts and unauthorized application installations.
