Kaspersky: NFC-based cyber attacks surge 188 percent by early 2026
JAKARTA - Kaspersky has recorded a 188% spike in NFC (Near Field Communication) based attacks on Android smartphones that aim to steal victims' funds in the first four months of 2026, compared to the same period in 2025.
From January to April 2026, Kaspersky's cybersecurity solutions managed to block 35,600 attacks from various Android malware groups using NFC techniques, compared to more than 12,300 attacks blocked during the first four months of 2025.
According to the global cybersecurity company, users in Russia are more frequently exposed to this ongoing NFC mobile threat, but some of the other affected regions include Latin America and Europe.
Currently, there are two main schemes of NFC-based attacks:
Direct NFC
The fraudsters contacted the victims via a messaging app and, under the guise of verifying the user's identity, tricked them into downloading malware. The victims were then asked to paste their bank cards onto the infected smartphone, and enter the card PIN. As a result, the bank card data was handed over to the attackers.
NFC Reverse (reverse)
The fraudsters send a malicious application and ask the victim to make it the main contactless payment method on the phone. The application emits an NFC signal that makes the ATM read the victim's phone as a card belonging to the fraudster. The victim is then asked to deposit money into a "secure account" via an ATM, even though the funds go into the fraudster's account.
"The danger of these newer and more sophisticated schemes is that these types of fraud are more difficult to detect and fight, because the victim himself transfers money to the attacker's account and the transaction is difficult to distinguish from a legitimate transaction," said Sergey Golovanov, head of security expert at Kaspersky.
To protect against NFC relay attacks and other mobile threats, Kaspersky recommends:
Avoid installing apps from unofficial sources, including links sent via messaging apps, social media, SMS, or recommended during phone calls Never follow instructions from strangers at ATMs - whoever they are Use comprehensive security solutions on your phone, to prevent visits to phishing sites from web browsers and messaging apps, as well as stopping the installation of malware.