China has been at the forefront of mobile payment adoption, but this progress has also opened the door to new attack vectors for cybercriminals.
Traditionally, stealing card data has been the central objectives of fraud schemes such as phishing and malware attacks. Now, however, a technique known as ghost-tapping allows criminals to use stolen credentials for in-store purchases.
Once they obtain card data, they can add it to digital wallets like Apple Pay or Google Pay by intercepting the one-time authentication codes sent by these platforms. Using burner phones, they then make payments to retailers or even withdraw cash from compatible ATMs.
According to researchers from Recorded Future’s Insikt Group found, this trend originated in Southeast Asia and spread quickly across the region. But ghost-tapping could prove equally effective anywhere contactless digital wallet payments are accepted.
An Organized Network
Perhaps more concerning than the specifics of the fraud vector is the substantial infrastructure that supports it. Insikt Group identified organized networks that disseminate both the phones and the phishing software used in ghost-tapping fraud.
It also means that once a criminal makes a fraudulent purchase, they have a network to turn to for selling their ill-gotten goods. Many of these networks had been using the Telegram messaging platform until the company strengthened its security measures last year.
However, the report noted that this only pushed bad actors to shift to other platforms, and that the substantial volume of advertisements and recruitment messages there indicates a burgeoning market for goods obtained through ghost-tapping.
Future Fraudulent Use
These networks represent a growing trend in fraud: the emergence of cybercrime-as-a-service. Such syndicates provide the technology and software used for malware or ransomware attacks to other parties—for a fee.
These groups can increase the scale at which fraud attacks occur, while simultaneously making it harder for authorities to pinpoint the bad actors. Additionally, they lower the barriers to entry for criminals. Insikt Group noted that syndicates would often recycle burner phones and send them back to criminals for future fraudulent use.
