Zimperium zLabs published new findings showing a rapid, global increase in NFC relay malware that abuses Android’s Host Card Emulation (HCE) to harvest payment data and complete fraudulent “tap-to-pay” transactions.
First observed in April 2024 as isolated samples, this campaign family has since expanded to more than 760 malicious apps, supported by 70+ command-and-control servers and dozens of Telegram bots/channels, with localised impersonation of banks and government services across Russia, Poland, Czechia, Slovakia, Brazil and beyond.