What happened
New Ghost Tapped Android attack uses your Android device as part of a banking fraud campaign where malicious apps exploit Android mobile features to indirectly drain banking accounts. The attack chain observed involves malicious apps abusing near-field communication (NFC) or other OS interactions to relay sensitive payment data and trigger unauthorized transfers through fake banking app interfaces. These malicious apps are distributed through cloned or deceptive app packages that lure users into installation via social engineering and fake prompts. Once installed, the malware orchestrates interaction sequences that capture banking credentials and session tokens, enabling financial theft without obvious user consent. Ghost Tapped-style techniques manipulate user input or system interfaces to conceal malicious actions while mimicking legitimate banking operations.Â
Who is affected
Android device users with banking applications installed are directly at risk of unauthorized financial transactions and credential compromise; the exposure is active, relying on user installation of deceptive apps.
Why CISOs should care
This attack illustrates how mobile platforms and banking apps remain a profitable vector for financial cybercrime, highlighting the need for robust mobile threat defense, secure app distribution practices, and account protection strategies.
3 practical actions
- Harden mobile app vetting: Enforce stricter mobile app verification policies and block installations from unofficial stores.
- Increase mobile threat detection: Deploy advanced mobile security solutions to identify malicious behavior and app anomalies.
- Educate users: Deliver targeted awareness on avoiding deceptive Android apps and unsafe permissions.