Chinese Fraudsters Arrested for Novel Mobile Scam Targeting Apple Pay
Authorities in two U.S. states have apprehended Chinese nationals involved in a novel mobile fraud scheme. The suspects used Android phones to conduct Apple Pay transactions, likely through a custom app called Z-NFC. The scam began with phishing messages sent via Apple iMessage and Google's RCS, tricking victims into linking their payment card data to fraudulent mobile wallets.
The fraudsters, based in China, employed sophisticated malware and phishing techniques to steal payment card data. They then uploaded this data onto Google and Apple phones using customized malware tools, enabling data exfiltration and control. The stolen data was used to create mobile wallets, which were employed to relay tap-to-pay transactions from devices located in China.
In California, two suspects were arrested for using an app to run stolen credit cards at a local Target store, making off with over $2,000 worth of gift cards. In Tennessee, 11 suspects were arrested for buying tens of thousands of dollars worth of gift cards using fraudulent mobile wallets. The suspects were using stolen credit card information to purchase gift cards and launder funds, with over $23,000 worth of gift cards recovered during the operation. The phones, loaded with multiple stolen wallets, were sold in bulk on Telegram.
The suspects admitted to being paid $250 a day for their role in the fraud. The arrests highlight the evolving nature of cybercrime, with fraudsters now exploiting mobile payment systems. Authorities are urging caution when using mobile wallets and advising users to be wary of phishing messages.
