Android NFC Scams Surge in Pakistan, Threatening Bank Accounts
Cybercriminals in Pakistan have significantly increased their use of near-field communication (NFC) scams targeting Android users, posing a growing threat to digital finances. According to cybersecurity firm Kaspersky, NFC-related attacks on Android devices surged by 188% during the first four months of 2026 compared to the same period last year.
Kaspersky’s data reveals that around 35,600 Android malware attacks linked to NFC scams were blocked between January and April 2026, a sharp rise from approximately 12,300 incidents recorded in the first four months of 2025. This alarming trend underlines the expanding risk posed by cybercriminals exploiting contactless payment technologies in Pakistan.
Researchers have identified multiple malicious software families driving these attacks, including SuperCard X, PhantomCard, NGate, and various variants of the NFCGate tool. These malware programs are designed to steal sensitive banking information and facilitate unauthorized financial transactions through contactless payment systems.
Attackers use two main techniques to execute their scams. The first, known as Direct NFC, involves scammers contacting victims via messaging platforms and persuading them to install malware disguised as legitimate financial or banking apps. Victims are then tricked into tapping their physical bank cards against their infected smartphones and entering their PINs, allowing hackers to immediately capture confidential card data.
The second and increasingly prevalent method is called Reverse NFC. In this approach, criminals convince victims to install a malicious app and set it as their default contactless payment method. The compromised phone then communicates with ATMs as if it were a payment card controlled by the scammers. Victims are misled into depositing cash, believing they are transferring money to a secure account, while in reality, the funds are sent directly to the fraudsters.
Reverse NFC scams are particularly challenging to detect because the fraudulent transactions are authorized manually by the victims themselves, making them appear legitimate to banking security systems.
This surge in NFC-based scams coincides with rapid growth in contactless payment adoption and mobile banking usage across Pakistan. As smartphones become more widespread, the number of potential victims expands, increasing opportunities for cybercriminals.
Cybersecurity experts urge Pakistani consumers to exercise caution by avoiding app downloads from unofficial sources and remaining vigilant against unsolicited messages related to banking. They also recommend not following instructions from unknown individuals about financial transactions or ATM operations. Keeping devices updated and installing trusted mobile security solutions can help reduce the risk of falling victim to these scams.
With contactless payments becoming an integral part of everyday financial activities, awareness and proactive security measures are critical to protect individual bank accounts from being compromised in Pakistan.