NFC Relay Malware Targets Mobile Payment Users

Cyble Research and Intelligence Labs (CRIL) has identified a new NFC relay malware campaign targeting mobile payment users. The malware, named RelayNFC, turns victims' Android devices into remote card readers, enabling attackers to perform fraudulent contactless transactions. The malware is highly evasive and remains undetected by security tools. CRIL's investigation reveals a coordinated operation with at least five phishing sites distributing the malicious app. RelayNFC is built in React Native and uses Hermes bytecode, making reverse engineering difficult.