NFCShare Android malware is being spread through fake banking app updates on GitHub and now targets customers of multiple banks across Europe to steal payment card data. The malware uses a fake NFC verification screen to capture card details and a PIN, then sends the stolen information to its C2 server for relay-based payment fraud. #NFCShare #D3Lab #Intesa #Sella #Nexi #Fideuram #Mooney #CaixaBank #DeutscheBank
Keypoints
- NFCShare is distributed as fake updates for legitimate banking apps on GitHub.
- It targets customers of banks and financial institutions across Europe.
- The malware tricks victims into placing cards near the phone's NFC chip.
- It steals card data, expiry dates, and a 4-digit PIN, then exfiltrates it to a C2 host.
- The latest version uses malformed APK packaging to hinder automated analysis.