{"data":{"id":"11041d60-9a0b-4782-8dda-3fc3e18cd0ce","title":"NFC tap-to-pay gets tapped by hackers","summary":"Hackers have infected a legitimate Android payment app called HandyPay with malware (trojanized code, meaning legitimate software modified with malicious additions) to steal NFC data (near field communication, the technology that powers tap-to-pay) and PIN numbers, allowing them to clone payment cards and drain accounts. The attackers likely used generative AI to help create the malware, as evidenced by emoji markers in the code that are typical of AI-generated text. The malware is being distributed through fake websites impersonating a Brazilian lottery and a spoofed Google Play store, targeting Android users in Brazil.","solution":"Android provides some protection through security alerts. When a user tries to download the trojanized app from a browser, Android automatically blocks the install and shows a prompt requiring manual permission to allow installation from that source.\nESET researchers also shared a list of indicators (files, hashes, network indicators, and MITRE ATT&CK maps) in a dedicated GitHub repository to support detection efforts.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4161983/nfc-tap-to-pay-gets-tapped-by-hackers.html","publishedAt":"2026-04-22T11:40:10.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-22T11:40:10.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}