Cyber Blog

A new wave of Android malware is targeting banking customers, starting in Brazil, with a malicious app called PhantomCard. The app is disguised as a card protection tool and is promoted through fake Google Play pages that even include phony positive reviews to make it appear trustworthy.

Once installed, the app asks users to place their bank card near the phone, pretending to verify the card. In reality, the malware secretly captures the card information and sends it directly to criminals, who can then clone the card or use the details for fraud.

The operation behind PhantomCard is well organized. The malware is sold as a ready-to-use service, meaning even criminals without advanced technical skills can buy it and use it for scams. This service is part of a larger underground system known as NFU Pay, which fuels digital payment fraud.

Although PhantomCard is currently hitting victims in Brazil, experts warn that similar scams are spreading in other regions, including Southeast Asia, where contactless payments are very popular. In India, a different Android malware called SpyBanker has been spotted. This one is even more invasive, as it can hijack calls by redirecting them to attackers, while also stealing texts, SIM details, and banking information.

These attacks highlight how cybercriminals are taking advantage of people’s trust in apps and contactless technology. Fake apps, hidden malware, and advanced fraud tools are becoming easier to access, putting everyday smartphone users at risk.

To stay safe, experts recommend only downloading apps from official sources, double-checking the developer and reviews, keeping your phone’s security software up to date, and never placing your card against your phone when asked by an unfamiliar app.