Experts are issuing a stark warning to Russian Android users about a sophisticated wave of fraudulent activities. This scheme, which previously saw widespread use across Europe, now leverages Trojan programs and NFC (Near Field Communication) technology to compromise financial data. Dmitry Galov, head of Kaspersky GReAT in Russia, shared these critical insights at the recent Kaspersky CyberSecurity Weekend conference held in Minsk.
Understanding the NFC Trojan Scheme
The core of this deceptive scam involves cybercriminals tricking victims into installing a malicious application. This app is cunningly designed to masquerade as a legitimate financial service, aiming to earn the user`s trust. Once the installation is complete, users are then prompted to register within the application and link their bank card, purportedly for a necessary verification process.
Galov detailed a particularly insidious variation: attackers assure their targets that there`s no need to manually enter extensive card details, with the singular exception of the PIN. Instead, they instruct users to simply tap their physical bank card against their phone`s NFC reader. Galov emphasized that complying with this seemingly innocuous instruction directly leads to the transmission of sensitive card data to the fraudsters. Once compromised, these criminals gain the ability to withdraw funds or execute unauthorized purchases using the victim`s card.
Evolution and Prevalence of the Threat in Russia
This particular fraudulent tactic, Galov noted, first gained significant traction and widespread use across various European countries. In Russia, its active deployment began towards the end of 2024, rapidly escalating throughout 2025 to become one of the most common and pressing threats faced by owners of Android devices in the region.
In related news, Kaspersky Lab had previously highlighted another major cyber threat specifically targeting Russian Android users: the Mamont Trojan. This piece of malicious software was identified as the most widespread malware affecting Android devices within the country.
