NFC-Based Android Banking Attacks Surge 188% in Early 2026, Kaspersky Reports
Islamabad : According to Kaspersky telemetry, the number of NFC-based attacks on Android smartphones aimed at stealing victims’ funds have surged by 188% in the first four months of 2026, compared with the same period in 2025.
From January to April 2026, Kaspersky cybersecurity solutions blocked 35,600 attacks of different Android malware families that use NFC techniques, including SuperCard X, PhantomCard, NGate, as well as other malicious modifications of NFCGate tool, compared to over 12,300 attacks blocked during the first four months in 2025.
At the moment, there are two main schemes of NFC-based attacks. Firstly, Direct NFC in which fraudsters contact victims via messaging apps and, under the guise of verifying users’ identity, trick them into downloading malware that is disguised, for example, as a financial application. Victims are then prompted to tap their bank card to an infected smartphone, as well as to enter the card PIN. As a result, the card data is handed over to the attackers. Second is Reverse NFC, through which scammers send users a malicious application and, using social engineering techniques, persuade them to set this application as a primary contactless payment method on their compromised smartphones. Such application generates an NFC signal that ATMs recognize as the scammers’ card. Victims are then persuaded to go to an ATM and deposit funds into a ‘secure account’ using their infected phone. In reality, the scammers receive the victims’ money.
“While previously attackers relied on ‘direct NFC’ scheme, now the ‘reverse NFC’ appears more common,” comments Sergey Golovanov, chief security expert at Kaspersky. “The danger of a newer, more sophisticated scheme is that this type of fraud is harder to detect and fight against, because victims themselves transfer money to the attackers’ accounts and such transactions are hard to distinguish from legitimate ones. We do not rule out that NFC relay malware itself continue to evolve and geography of attacks will expand. That’s why this threat should be further closely monitored.”
Commenting on the trend, cybersecurity expert and ITSOLERA founder Dr. Hafeez Ur Rehman said: “As digital financial services and contactless payments become increasingly common, particularly in Pakistan, it is essential for users to remain cautious when installing applications or responding to unexpected requests involving their banking information. Continued awareness, responsible digital practices, and close collaboration among financial institutions, technology providers, regulators, and cybersecurity experts will be critical to strengthening resilience against emerging mobile threats and protecting consumers from increasingly sophisticated fraud schemes.”
To protect against NFC relay attacks and other mobile threats, Kaspersky recommends avoid installing apps from unofficial sources. This includes links sent via messaging apps, social media, SMS, or recommended during a phone call. Never follow instructions from strangers at an ATM — no matter who they claim to be. Use a comprehensive security solution, Kaspersky Moile Security on your Android smartphones to prevent visits to phishing sites from web browsers and messengers, and stop malware installation.