
D3Lab detected fresh Android tap-to-pay malware targeting European banks. Users tricked into tapping cards on phones; stolen data used to drain accounts. Banks warned as attackers rotate infrastructure.
Android users are the target of a fresh wave of malware that steals payment card data through tap-to-pay technology, according to a report from cybersecurity firm D3Lab. The attackers trick users with urgent messages about banking app updates, leading them to download malicious software.
Once installed, the malware displays a fake verification screen and prompts the user to hold their physical card near the phone. It reads the card information and the PIN, then sends that data to the thieves. The technique works because Android apps have direct access to the NFC chip. Apple restricts that access on iPhones, making similar attacks much harder on iOS.
D3Lab says the current wave targets Italian and other European banks. The attackers constantly adapt to avoid detection. They rotate which banks they pretend to represent, change their fake websites frequently, and use new hosting methods that authorities find harder to shut down. In this latest wave, harmful files are stored and updated on GitHub, the code-sharing platform. The criminals push out new versions often, using different bank names and technical tricks.
Law enforcement in the U.S. has already made arrests and issued warnings to banks about similar Android malware. The D3Lab report shows the threat is not fading. The same card-theft method keeps reaching Android users despite ongoing security efforts, because the attackers treat their infrastructure as a disposable asset.
The latest attacks target Italian banks, with attackers rotating GitHub repositories to evade detection, D3Lab said.