New Android Trojan PhantomCard Steals Brazilian Bank Data in Real-Time
A new Android Trojan, PhantomCard, is causing concern among cybersecurity experts. This malware targets Brazilian banking customers, stealing card data for real-time fraudulent payments. The threat actor behind it is a known reseller of Android threats in Brazil, and the malware is tailored to the region.
PhantomCard spreads through fake Google Play 'card protection' apps, tricking users into downloading it. Once installed, it uses the 'scuba_smartcards' library to parse card data and sends it to its server. The malware creates a live channel between a victim's card and a POS/ATM near the criminal, enabling real-time fraudulent payments.
The malware, previously known as 'GHOST NFC CARD', is based on Chinese NFC relay Malware-as-a-Service. It's offered through a MaaS model, with the developer or responsible company/person behind it not publicly disclosed. ThreatFabric warns of PhantomCard's potential global expansion, as it's designed for Brazil but could target other regions.
The presence of PhantomCard-like malware on a user's device should be a strong risk indicator for financial organizations. As the malware is tailored for Brazil, users and institutions in the region should be particularly vigilant. Further research is needed to identify the developer or responsible company/person behind PhantomCard and SuperCard X, the Malware-as-a-Service it's based on.
