The global carding industry, once dominated by Russian hackers, has found a new lease on life through the innovative tactics of Chinese cybercriminal groups.
By exploiting stolen payment card data, these groups are leveraging advanced phishing techniques to load fraudulent digital wallets into Apple Pay and Google Wallet.
This method allows hackers to bypass traditional security measures and commit fraud both online and in physical stores.
Sophisticated Phishing Campaigns Target Mobile Users
Chinese cybercriminals have developed highly effective phishing kits that exploit mobile communication platforms like Apple iMessage and RCS on Android devices.
These phishing campaigns often masquerade as messages from legitimate entities such as the U.S. Postal Service or toll road operators, tricking victims into entering their payment card details on fake websites.
Once victims provide a one-time passcode sent by their financial institution, hackers link the stolen card to a mobile wallet controlled by them.
Ford Merrill, a security researcher at SecAlliance, revealed that these phishing kits are equipped with advanced features, such as real-time data capture and backend storage of stolen information.
As a result, even if the phishing websites are taken down, the stolen data is retained in the attackers' databases.
Merrill also noted that these kits can create digital images of stolen cards, enabling seamless integration into mobile wallets by scanning the fabricated images.
Fraudulent Wallets Fuel Lucrative Black Markets
Once the stolen payment card data is linked to mobile wallets, criminals monetize it through various schemes.
Some set up fake e-commerce businesses on platforms like Stripe or Zelle to process fraudulent transactions ranging from $100 to $500.
Others sell smartphones preloaded with multiple stolen wallets for hundreds of dollars each.
Promotional videos shared on Telegram channels show stacks of phones labeled with wallet details, ready for sale in bulk shipments.
A cutting-edge technique known as “ghost tap” has also emerged, where hackers use an Android app called ZNFC to relay NFC-based transactions globally.
This app enables criminals to conduct tap-to-pay transactions remotely, further complicating efforts to track fraudulent activities.
Security experts at ThreatFabric have identified similar schemes being adopted by organized crime groups in Europe, where mobile wallets are used to withdraw cash from NFC-enabled ATMs or purchase high-value goods like jewelry and electronics.
The rise of these sophisticated scams has exposed vulnerabilities in mobile wallet provisioning processes, particularly the reliance on one-time passcodes sent via SMS for authentication.
Experts argue that this outdated method has facilitated the surge in fraud linked to digital wallets.
While some banks in Europe and Asia now require customers to authenticate through their mobile apps, many institutions remain unprepared for the scale of these attacks.
Tech giants Apple and Google also face scrutiny for their role in enabling these scams.
Criminals are reportedly creating mass accounts on their platforms to distribute phishing messages and load stolen wallets onto devices.
Security experts suggest that Apple and Google could mitigate this issue by identifying suspicious patterns, such as devices with multiple wallets linked to different individuals globally.
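The pattern described above (one device accumulating wallets for many unrelated cardholders across countries) can be expressed as a sliding-window check over provisioning events. The following is an added example, not code from Apple, Google or the researchers quoted; the record layout, device names, thresholds and sample events are all constructed assumptions.

```python
from collections import Counter, defaultdict

DAY = 86400

# Constructed provisioning events (illustrative, not real data): one record per
# card added to a wallet, as (device, unix_ts, cardholder, issuer_country).
EVENTS = [
    ("dev-family", 0 * DAY, "A. Rivera", "US"),
    ("dev-family", 2 * DAY, "A. Rivera", "US"),
    ("dev-family", 40 * DAY, "M. Rivera", "US"),
    ("dev-farm", 0 * DAY, "J. Smith", "US"),
    ("dev-farm", 1 * DAY, "L. Dubois", "FR"),
    ("dev-farm", 1 * DAY + 3600, "K. Tanaka", "JP"),
    ("dev-farm", 2 * DAY, "P. Novak", "CZ"),
    ("dev-slow", 0 * DAY, "R. Patel", "GB"),
    ("dev-slow", 30 * DAY, "S. Okoro", "NG"),
    ("dev-slow", 60 * DAY, "T. Berg", "SE"),
]

def flag_devices(events, window=7 * DAY, max_holders=2, max_countries=2):
    """Flag devices that, within any `window` seconds, provision cards for more
    than `max_holders` distinct cardholders or from more than `max_countries`
    issuer countries. Returns {device: (holders, countries)} for the worst window."""
    by_device = defaultdict(list)
    for device, ts, holder, country in events:
        by_device[device].append((ts, holder, country))
    flagged = {}
    for device, rows in by_device.items():
        rows.sort()
        holders, countries = Counter(), Counter()
        left = 0
        for ts, holder, country in rows:
            holders[holder] += 1
            countries[country] += 1
            # Drop events that fell out of the window ending at `ts`.
            while ts - rows[left][0] > window:
                for counter, key in ((holders, rows[left][1]), (countries, rows[left][2])):
                    counter[key] -= 1
                    if counter[key] == 0:
                        del counter[key]
                left += 1
            if len(holders) > max_holders or len(countries) > max_countries:
                seen = (len(holders), len(countries))
                flagged[device] = max(flagged.get(device, (0, 0)), seen)
    return flagged

if __name__ == "__main__":
    for device, (h, c) in flag_devices(EVENTS).items():
        print(f"{device}: {h} cardholders, {c} issuer countries in one window")
```

With the default seven-day window only the device that provisions four unrelated cardholders in two days is flagged; widening the window also catches the device that adds one new cardholder per month.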
Despite growing awareness, combating these schemes remains an uphill battle due to the rapid evolution of tactics employed by cybercriminals and the reluctance of retailers to upgrade payment terminals before their lifecycle ends.
Meanwhile, the financial losses attributed to these scams continue to rise, with estimates suggesting billions of dollars in fraudulent charges annually.