China has been at the forefront of mobile payment adoption, but this advancement has also opened new avenues for cybercriminals.
Historically, card data theft has been the primary goal in fraud schemes like phishing and malware attacks. However, a novel technique called ghost-tapping now enables criminals to use stolen credentials for in-store purchases.
After acquiring card data, criminals can add it to digital wallets such as Apple Pay or Google Pay by intercepting the one-time authentication codes sent by these platforms. Using burner phones loaded with the stolen cards, they then make payments to retailers or even withdraw cash from compatible ATMs.
According to researchers from Recorded Future’s Insikt Group, this trend originated in Southeast Asia and quickly spread throughout the region. However, ghost-tapping could prove equally effective wherever contactless digital wallet payments are accepted.
An Organized Network
More worrisome than the specifics of the fraud vector is the substantial infrastructure supporting it. Insikt Group identified organized networks that distribute both the phones and phishing software used in ghost-tapping fraud.
These networks allow criminals to sell their ill-gotten goods once a fraudulent purchase has been made. Many of these groups previously utilized Telegram until the platform enhanced its security measures last year, forcing them to migrate to other platforms.
Despite this shift, the report pointed to the substantial volume of advertisements and recruitment messages on alternative platforms as evidence of an ongoing market for ghost-tapping-related goods.
Future Fraudulent Use
These networks represent a growing trend in fraud: the emergence of cybercrime-as-a-service. Such syndicates offer the technology and software used for malware or ransomware attacks to other parties, often for a fee.
These groups not only increase the scale at which fraud attacks occur but also make it more difficult for authorities to identify the perpetrators. Additionally, they lower the barriers to entry for criminals, as Insikt Group noted that syndicates frequently recycle burner phones and reuse them in future fraudulent activities.