Cyberattacks targeting Android users through near field communication technology have recorded a sharp rise during the first four months of 2026, with cybersecurity researchers warning of increasing risks for mobile banking users in Pakistan and other regions. According to data released by cybersecurity firm Kaspersky, NFC based malware attacks surged by 188 percent compared to the same period last year, highlighting a growing wave of financial cybercrime linked to mobile devices and contactless payment systems. The company reported that its security systems blocked approximately 35,600 attacks between January and April 2026, all associated with Android malware families designed to exploit NFC functionality for fraudulent financial activity.
Researchers noted that the same period in the previous year saw more than 12,300 similar attacks, indicating a significant escalation in both scale and sophistication. The malware families identified in these campaigns include SuperCard X, PhantomCard, NGate, and multiple malicious variants of the NFCGate tool. These threats are specifically engineered to steal banking credentials, intercept card data, and enable unauthorized financial transactions through contactless payment systems. Cybersecurity experts stated that the increasing use of smartphones for financial services has created a wider attack surface, allowing cybercriminals to target users through SMS based scams and malicious mobile applications disguised as legitimate banking tools or financial services platforms.
According to Kaspersky, attackers are primarily using two distinct methods to carry out these NFC based fraud campaigns. The first method, known as Direct NFC, involves contacting victims through messaging applications and convincing them to install malicious software disguised as legitimate financial or banking applications. Once installed, victims are instructed to tap their bank cards against an infected smartphone and enter their PIN codes, allowing attackers to capture sensitive card data and financial credentials. This method relies heavily on social engineering, where victims are manipulated into voluntarily exposing their banking information under the belief that they are completing a secure verification process.
The second method, referred to as Reverse NFC, has been identified as a more advanced and increasingly prevalent attack technique. In this scenario, victims are tricked into installing a malicious application and setting it as their default contactless payment service. The infected device then emits an NFC signal that automated teller machines interpret as a legitimate payment card controlled by the attacker. Victims are further manipulated into depositing funds under the impression that they are transferring money to a secure account, while in reality the funds are routed directly to cybercriminals. Security researchers have warned that Reverse NFC attacks are particularly difficult to detect because transactions appear legitimate from the victim’s perspective, as they are actively involved in authorizing the payments without realizing the fraud. The rise in such attacks comes amid increasing adoption of mobile banking and contactless payment systems in countries like Pakistan, where expanding smartphone usage has significantly increased the potential target base for cybercriminal activity. Cybersecurity experts have advised users to avoid downloading applications from unofficial sources, remain cautious of unsolicited messages related to banking services, and refrain from following instructions from unknown individuals regarding financial transactions or ATM usage.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
