
Cyberattacks targeting Android users through NFC-based payment systems have surged sharply in early 2026, rising 188% year-on-year, according to cybersecurity firm Kaspersky.

Between January and April 2026, Kaspersky reported blocking around 35,600 attacks linked to Android malware that abuses NFC functionality. This compares with just over 12,300 incidents in the same period last year, signaling a rapid escalation in mobile payment fraud.

Researchers identified multiple malware families involved in these campaigns, including SuperCard X, PhantomCard, NGate, and modified versions of the NFCGate tool. These malicious programs are designed to intercept card data and enable unauthorized financial transactions using contactless payment systems.

Security experts say attackers are relying on two main techniques. The first, known as Direct NFC, involves tricking users via messaging apps into installing fake banking or finance apps. Victims are then persuaded to tap their bank cards against infected phones and enter PINs, allowing attackers to capture sensitive payment data.

The second method, Reverse NFC, is more deceptive and increasingly widespread. In this case, users install a malicious app that is set as the default contactless payment service. The infected device then mimics a payment card, transmitting NFC signals that ATMs and terminals accept as legitimate. Victims are manipulated into depositing money, believing they are transferring funds securely, while the money is actually sent to criminals.

Kaspersky warned that Reverse NFC attacks are particularly dangerous because transactions appear authorized by the victim, making fraud harder to detect and trace.
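A defensive triage check for the Reverse NFC pattern, added here as an illustration and not taken from Kaspersky or from this article: on Android, an app offered as the default contactless payment service declares a card-emulation service in the `payment` category, so an unfamiliar app with that declaration deserves review. The package names, the allowlist and the sample XML are constructed, and only host-based card emulation is covered.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
HCE_ACTION = "android.nfc.cardemulation.action.HOST_APDU_SERVICE"
ALLOWED = {"com.example.trustedwallet"}  # assumption: wallets your policy permits

# Constructed sample: decoded manifest and apduservice resource of a made-up app.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankhelper">
  <application>
    <service android:name=".CardService"
             android:permission="android.permission.BIND_NFC_SERVICE">
      <intent-filter>
        <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/>
      </intent-filter>
      <meta-data android:name="android.nfc.cardemulation.host_apdu_service"
                 android:resource="@xml/apduservice"/>
    </service>
  </application>
</manifest>"""
APDU_XML = """<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android">
  <aid-group android:category="payment">
    <aid-filter android:name="F0010203040506"/>
  </aid-group>
</host-apdu-service>"""


def hce_services(manifest_xml):
    """Return (package, names of services that handle the HCE intent action)."""
    root = ET.fromstring(manifest_xml)
    names = [svc.get(A + "name") for svc in root.iter("service")
             if any(a.get(A + "name") == HCE_ACTION for a in svc.iter("action"))]
    return root.get("package"), names


def is_payment_category(apdu_xml):
    """True if any AID group in the apduservice resource is category 'payment'."""
    groups = ET.fromstring(apdu_xml).iter("aid-group")
    return any(g.get(A + "category") == "payment" for g in groups)


def triage(manifest_xml, apdu_xml, allowed=ALLOWED):
    """Classify an app: 'no-payment-hce', 'allowed', or 'review'."""
    package, services = hce_services(manifest_xml)
    if not services or not is_payment_category(apdu_xml):
        return package, "no-payment-hce"
    return package, "allowed" if package in allowed else "review"


if __name__ == "__main__":
    print(triage(MANIFEST, APDU_XML))
```

A `review` verdict is a prompt to inspect the app, not proof of malware, since legitimate wallets make the same declaration.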

The rise in NFC-based scams coincides with the global expansion of contactless payments and mobile banking, which has significantly widened the attack surface for cybercriminals. Increased smartphone adoption and reliance on digital wallets have further amplified the risk.

Cybersecurity experts advise users to avoid installing apps from unofficial sources, remain cautious of unsolicited banking-related messages, and never follow instructions to perform financial actions on behalf of unknown contacts. Keeping devices updated and using trusted mobile security software can also help reduce exposure.

The findings highlight how mobile banking fraud is evolving toward more sophisticated social engineering tactics that exploit the growing reliance on tap-to-pay technologies.
