MilikMilik

NFC Relay Attacks on Android Phones Are Stealing Money Wirelessly


What Are NFC Relay Attacks and Why Are They Exploding?

NFC relay attacks are a form of contactless payment fraud where attackers intercept and replay near field communication signals from smartphones or cards to perform unauthorized transactions without physically stealing the device or card. Instead of cloning a card in the traditional sense, criminals use mobile malware and specialized tools to capture, modify, and relay NFC signals between a victim’s phone and payment terminals or ATMs. According to Kaspersky telemetry, NFC-based attacks on Android smartphones aimed at stealing victims’ funds surged by 188% in the first four months of 2026 compared with the same period in 2025, rising from more than 12,300 blocked attacks to 35,600. This sharp increase highlights how NFC relay attacks have become one of the most worrying Android security threats for users who rely on contactless payments, transit cards, and digital wallets in daily life.

How Direct NFC Attacks Steal Your Card Data

Direct NFC attacks rely heavily on social engineering and malicious Android apps. Criminals contact potential victims through messaging apps and pose as bank staff, payment providers, or identity verification agents. They persuade the victim to install a fake “financial” or “security” application, which secretly contains NFC relay malware such as SuperCard X, PhantomCard, NGate, or modified NFCGate tools. The app then asks the user to tap a physical bank card against the infected Android smartphone and enter the card PIN, framed as a verification step. In reality, the app captures the card’s NFC data and PIN and sends them to attackers, who can then conduct unauthorized payments or withdraw funds elsewhere. Because victims think they are dealing with a trusted institution, they often overlook warning signs, turning their own phone into a reader that hands card data directly to criminals.

Reverse NFC: When Your Phone Pretends to Be the Attacker’s Card

Reverse NFC attacks flip the usual direction of payment: instead of reading your card, your phone emits an NFC signal that represents the attacker’s card. Fraudsters distribute a malicious Android app and convince users to set it as the default contactless payment method, claiming it provides extra security or a special “safe account.” Once installed, the app generates an NFC signal that ATMs recognize as belonging to the attacker’s card. Victims are then guided, often step by step via phone or chat, to go to an ATM and deposit their cash or transfer funds into this supposed secure account by tapping their phone. The ATM credits the attacker’s card, not the victim’s. Kaspersky notes that reverse NFC schemes are becoming more common and harder to detect because victims themselves initiate and authorize these transactions, making them look legitimate to banks and payment systems.

Why Traditional Android Security Falls Short Against Relay Attacks

NFC relay attacks highlight a gap in mobile payment security: malware abuses legitimate NFC features rather than exploiting obvious software bugs. While mobile security apps can block known malicious packages and phishing sites, they cannot fully prevent every relay technique that rides on standard NFC behavior once a user has granted permissions. Attackers also package their tools into malware-as-a-service offerings, lowering the technical barrier for new criminals. This trend expands the pool of Android security threats beyond classic banking trojans or keyloggers. Because relay fraud often involves the victim’s own phone and credentials, fraud detection systems see many of these payments as normal behavior. As a result, phone-level protections and antivirus tools provide only limited defense, and user awareness about NFC relay risks becomes a critical part of mobile payment security.

Practical Steps to Protect Your Contactless Payments

Reducing exposure to NFC relay attacks requires both technical and behavioral changes. Disable NFC on your Android phone when you are not using contactless payments, transit cards, or digital wallets; keeping it off limits the chance for malware or nearby attackers to misuse NFC signals. Never install apps from links in messaging apps, social media, SMS, or unsolicited emails, and avoid any app that asks you to set it as a default payment method without a clear, trusted origin. Do not follow instructions from strangers at an ATM, regardless of who they claim to represent. Regularly review bank, card, and wallet statements for unfamiliar charges or deposits and report suspicious activity immediately. Finally, use a reputable mobile security app to detect known malware and phishing attempts, understanding that it is a helpful layer, not a complete shield, against NFC relay attacks.
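The advice above about apps that ask to become the default payment method can be checked on a device. The following is an added example, not code from the original article or from Kaspersky: it audits which app is registered as the default contactless payment service and whether that app came from a trusted store. It assumes the device reports the default through the secure setting `nfc_payment_default_component` and that installer data comes from `pm list packages -i`; the package names, sample outputs and verdict labels are constructed for illustration.

```python
import re

# Installers treated as a "clear, trusted origin" (assumption; adjust as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Matches lines of `adb shell pm list packages -i`.
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")

# Constructed sample of `pm list packages -i` output (not from a real device).
SAMPLE_PM = """\
package:com.example.wallet  installer=com.android.vending
package:com.example.safeaccount  installer=null
package:com.example.bank  installer=com.android.vending
"""

# Constructed sample of `settings get secure nfc_payment_default_component`.
SAMPLE_DEFAULT = "com.example.safeaccount/com.example.safeaccount.HceService\n"


def parse_installers(pm_output):
    """Map package name -> installer string ("null" when sideloaded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers


def audit_default_payment(component, pm_output, system_packages=frozenset()):
    """Return (verdict, package) for the default contactless payment service."""
    component = component.strip()
    if component in ("", "null"):
        return ("none-set", None)
    package = component.split("/", 1)[0]  # component is "package/ServiceClass"
    if package in system_packages:        # e.g. names from `pm list packages -s`
        return ("ok-preinstalled", package)
    installer = parse_installers(pm_output).get(package)
    if installer is None:
        return ("unknown-package", package)
    if installer in TRUSTED_INSTALLERS:
        return ("ok-store", package)
    # Default payment app installed outside a trusted store: the reverse NFC setup.
    return ("suspicious-sideloaded", package)


if __name__ == "__main__":
    print(audit_default_payment(SAMPLE_DEFAULT, SAMPLE_PM))
```

A `suspicious-sideloaded` verdict is a prompt to review and remove the app and reset the default payment method, not proof of malware.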
