NFC Relay Attacks on Smartphones Are Soaring—How to Protect Your Payments


What NFC Relay Attacks Are and Why They Are Growing

NFC relay attacks are a form of mobile payment fraud in which criminals abuse near-field communication signals on smartphones to steal payment card data or redirect victims’ contactless transactions to attacker-controlled accounts. Instead of breaking encryption, these schemes exploit Android NFC weaknesses through malware, social engineering, and misused payment apps. According to Kaspersky telemetry, NFC-based attacks on Android smartphones aimed at stealing victims’ funds rose by 188% in the first four months of 2026 compared with the same period in 2025. From January to April 2026, Kaspersky cybersecurity solutions blocked 35,600 attacks from various Android malware families that use NFC techniques, up from more than 12,300 a year earlier. The spike highlights the growing sophistication of smartphone payment security threats and shows that attackers are actively targeting everyday contactless payments.

How Direct NFC Attacks Steal Card Data

In a direct NFC relay attack, criminals focus on capturing your card details through an infected Android phone. They contact victims through messaging apps and pretend to be bank staff or other trusted services that need to “verify” identity or secure an account. Victims are tricked into installing malware disguised as a financial application, often branded to look like familiar banking or wallet software. Once installed, the app asks the user to tap their physical bank card to the smartphone and enter the card PIN. When the victim complies, the NFC relay malware reads and forwards card data and PIN to the attackers, who can then attempt fraudulent transactions or clone the card. Because the user willingly performs the actions, this kind of smartphone payment security breach can appear normal until unauthorized charges show up.

Reverse NFC: The New, Harder-to-Spot Scam

Reverse NFC attacks flip the direction of the fraud and target live deposits rather than card cloning. Attackers first persuade victims, again via social engineering, to install a malicious application and set it as the primary contactless payment method on their Android phone. This app then generates an NFC signal that ATMs recognize as the scammers’ card instead of the victim’s. The criminals instruct victims to go to an ATM and deposit funds into a supposed “secure account” using their phone. In reality, the ATM treats the transaction as a deposit into the attacker’s account. Kaspersky experts note that reverse NFC has become more common, and this evolution matters because victims themselves initiate the transfer, making these transactions harder for banks to distinguish from legitimate payments and tougher to recover.

Why NFC Relay Malware Is Spreading So Fast

The rapid growth of NFC relay attacks reflects both technical progress and crime-as-a-service business models. The first publicly reported attacks that used a modified legitimate NFC tool appeared in late 2023 and were initially spotted on Android devices before spreading further. Since then, malware families such as SuperCard X, PhantomCard, NGate, and other malicious modifications of the NFCGate tool have been used to run large-scale campaigns against smartphone payment security. Over time, cybercriminals have packaged NFC relay malware into malware-as-a-service offerings, lowering the skill barrier for new attackers and accelerating adoption. As these tools improve, criminals can more easily intercept or emulate NFC transactions and hide malicious behavior behind familiar banking workflows. The result is a broader geography of attacks, more victims exposed to Android NFC abuse, and a pressing need for user awareness.

Practical Steps to Secure Your Mobile Payments

You can reduce your risk from NFC relay attacks with a few consistent habits. Disable NFC on your Android phone when you do not need contactless payments, so malware cannot silently trigger wireless transactions. Use payment apps that add extra authentication, such as strong PINs or biometrics, before any NFC payment goes through. Keep your operating system, banking apps, and security software updated so known NFC-based exploits and malware families are blocked quickly. Avoid installing apps from unofficial links in messaging apps, social networks, SMS, or phone calls, even if they claim to be from your bank. Never follow instructions from strangers at an ATM, regardless of what they say. Finally, use a comprehensive mobile security solution that can detect phishing sites and block malicious apps before they can access NFC functions.
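
Because the reverse NFC scam described above depends on a malicious app being set as the phone's primary contactless payment method, that setting is worth checking directly. The following is an added example, not code from the original article or from Kaspersky: it audits the output of `adb shell settings get secure nfc_payment_default_component` and `adb shell pm list packages -i`. It assumes an Android version that stores the default payment app in that secure setting; the allowlists, the sample output and the `com.example` names are constructed for illustration.

```python
import re

# Assumptions for this example: tune both sets for your own devices.
TRUSTED_INSTALLERS = {"com.android.vending"}                # Google Play
ALLOWED_WALLETS = {"com.google.android.apps.walletnfcrel"}  # Google Wallet

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit_default_payment(setting_value, pm_output):
    """Return findings about the app holding the default tap-to-pay slot."""
    value = setting_value.strip()
    if not value or value == "null":
        return []  # no default contactless payment service configured
    package = value.split("/", 1)[0]  # component is "package/service class"
    findings = []
    if package not in ALLOWED_WALLETS:
        findings.append(f"{package}: default payment app is not an expected wallet")
    installer = parse_installers(pm_output).get(package)
    if installer not in TRUSTED_INSTALLERS:
        findings.append(f"{package}: installed from {installer or 'an unknown source'}")
    return findings

# Constructed sample output; the com.example names below are invented.
SAMPLE_PM = """\
package:com.google.android.apps.walletnfcrel  installer=com.android.vending
package:com.example.securebank.verify  installer=null
"""
GOOD_SETTING = "com.google.android.apps.walletnfcrel/com.example.HceService\n"
BAD_SETTING = "com.example.securebank.verify/.CardEmulationService\n"

if __name__ == "__main__":
    for label, setting in (("clean", GOOD_SETTING), ("suspect", BAD_SETTING)):
        print(label, audit_default_payment(setting, SAMPLE_PM))
```

A non-empty result means the tap-to-pay slot is held by an app that is either unexpected or was installed outside a trusted store, which is the condition the reverse NFC scam needs.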
