
NFC Relay Attacks on Android Phones Skyrocket—How Criminals Steal Your Money

What Are NFC Relay Attacks and Why They’re Exploding

NFC relay attacks are a form of contactless payment theft where criminals intercept and extend near-field communication signals between a victim’s card or phone and a payment terminal, allowing them to approve transactions from a distance without direct physical contact with the cardholder. According to Kaspersky telemetry, NFC-based attacks on Android smartphones aiming to steal funds rose by 188% in the first four months of 2026 compared with the same period in 2025. During that window, Kaspersky blocked 35,600 attacks from Android malware families using NFC techniques, up from more than 12,300 the year before. This spike highlights a serious mobile security threat focused on Android payment security and contactless payment theft. Attackers are also turning these techniques into malware-as-a-service offerings, making it easier for less skilled criminals to join in.

How NFC Relay Attacks Work on Android Devices

In NFC relay attacks, criminals use specialized hardware and malicious apps to capture, forward, and replay NFC signals from Android devices or bank cards. This can extend the effective range of NFC, which is normally only a few centimeters, so that a victim’s device can be abused while it appears to be safe in their pocket or hand. Tools and malware families such as SuperCard X, PhantomCard, NGate, and modified versions of NFCGate show how attackers adapt legitimate NFC utilities for fraud. Some campaigns rely on malware disguised as financial or identity verification apps. Once installed, these apps can access NFC functions, interact with payment credentials, and send captured data through criminal servers. Because Android phones are widely used for contactless payments and allow third-party apps with NFC permissions, they have become a primary target for this kind of mobile security threat.

Direct NFC: Stealing Card Data Through Social Engineering

In the "direct NFC" scheme, criminals contact victims through messaging apps, pretending to be bank staff or service providers who must verify identity or secure an account. They persuade users to install a fake financial application that secretly contains NFC relay malware. Victims are then instructed to tap their bank card against the infected Android phone and enter the card PIN. This interaction hands over card credentials and PINs directly to the attackers, enabling contactless payment theft and potential card cloning. Because victims believe they are dealing with a trusted organization, they often ignore warning signs such as unfamiliar app publishers or permission requests. This blend of social engineering and NFC exploitation makes direct NFC attacks dangerous, especially for users who install apps from links shared over chat, SMS, or social media without verifying their authenticity.

Reverse NFC: Turning Your Phone Into the Criminal’s Card

Reverse NFC attacks twist the usual payment flow by making your Android phone emit the attacker’s card signal instead of your own. Victims are tricked into installing a malicious app, then persuaded through social engineering to set it as their primary contactless payment method. The app generates an NFC signal that ATMs interpret as the scammers’ card. Victims are told to visit an ATM and deposit funds into a so-called secure account using their phone. In reality, the money goes straight to the criminals. Kaspersky notes that reverse NFC has become more common and is harder to stop because victims voluntarily initiate the transaction, making it look legitimate. These attacks show how Android payment security can be undermined not only by technical exploits but by human trust and confusion around digital banking procedures.
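
As an added example (not from the original article or from Kaspersky), the following Python code shows how an analyst could triage decoded Android manifests for the two capabilities these schemes depend on: NFC access combined with network access (direct NFC) and a declared host card emulation service (reverse NFC). The package names, the trusted-wallet allowlist and the sample manifests are constructed assumptions, and the findings are review signals, not proof of malice.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
HCE_ACTION = "android.nfc.cardemulation.action.HOST_APDU_SERVICE"

def manifest(package, perms, hce_service=None):
    """Build a constructed, minimal decoded AndroidManifest.xml for the demo."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    svc = ""
    if hce_service:
        svc = (f'<service android:name="{hce_service}" '
               'android:permission="android.permission.BIND_NFC_SERVICE">'
               f'<intent-filter><action android:name="{HCE_ACTION}"/></intent-filter></service>')
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{svc}</application></manifest>')

def nfc_capabilities(manifest_xml):
    """Extract the NFC-relevant declarations from a decoded manifest."""
    # For manifests taken from untrusted APKs, use a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    hce = [s.get(ANDROID + "name") for s in root.iter("service")
           if any(a.get(ANDROID + "name") == HCE_ACTION for a in s.iter("action"))]
    return {"package": root.get("package"),
            "nfc": "android.permission.NFC" in perms,
            "internet": "android.permission.INTERNET" in perms,
            "hce_services": hce}

def triage(manifest_xml, trusted_wallets):
    """Return review findings; signals for a human analyst, not a verdict."""
    caps = nfc_capabilities(manifest_xml)
    if caps["package"] in trusted_wallets:
        return []
    findings = []
    if caps["hce_services"]:  # phone can present itself to a terminal as a card
        findings.append("card emulation (HCE) declared by non-wallet app: "
                        + ", ".join(caps["hce_services"]))
    if caps["nfc"] and caps["internet"]:  # can read a tapped card and send data out
        findings.append("NFC access combined with network access")
    return findings

# Constructed samples: package names and the allowlist are hypothetical.
TRUSTED_WALLETS = {"com.example.wallet"}
SAMPLES = [manifest("com.example.bankverify", ["NFC", "INTERNET"], ".CardService"),
           manifest("com.example.notes", ["INTERNET"]),
           manifest("com.example.wallet", ["NFC", "INTERNET"], ".PayService")]

if __name__ == "__main__":
    for xml in SAMPLES:
        print(nfc_capabilities(xml)["package"], triage(xml, TRUSTED_WALLETS))
```

Many legitimate apps request NFC and network access together, so the second finding only narrows what to review; the card emulation finding on an app that is not a known wallet is the stronger signal.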

Protecting Your Android Contactless Payments

You can reduce your risk from NFC relay attacks by changing a few Android habits. Disable NFC when you do not need contactless payments or card emulation; this prevents surprise transactions from background malware. Enable and enforce payment limits in your banking or wallet apps so high-value transactions require extra confirmation. Avoid installing apps from links in messaging apps, social networks, SMS, or unsolicited emails—use official app stores and search for apps manually. Keep your Android device and apps updated so security patches can block known NFC-based malware techniques. In crowded public spaces, avoid tapping cards or phones if something feels off, and never follow instructions from strangers at ATMs, no matter who they claim to represent. Finally, review your bank and wallet statements frequently so you can spot and report unauthorized transactions early.
