Mobile Hacking Conference Talk

Evolution of NFC Threats

By Lukas Stefanko

NFC now powers everyday tap-to-pay and access badges, but “proximity” is no longer protection. Adversaries relay NFC over distance using Android malware and repurposed research tools.


This talk traces the first in-the-wild Android NFC relay malware, used for remote ATM cashouts via social engineering and phishing, to today’s more capable variants.

Lukas will share high-level telemetry showing how NFC abuse detections rose from 2024 through 2025 and continued into 2026. 

He will also note where campaigns have surfaced globally to illustrate the operational reach rather than dive into case details.

Beyond payments, Lukas will touch on other NFC abuse scenarios, including misuse of NFCGate to clone certain access tags and to run microtransaction tap-to-pay fraud with stolen cards.

He will enhance the presentation by covering another crimeware technique that exploits NFC technology to conduct mobile payments worldwide using stolen payment cards and phishing-obtained one-time passcodes.
Thank you!
Bio

Lukas Stefanko

Lukas Štefanko is an experienced senior malware researcher with a strong engineering background and a well-demonstrated focus on Android malware research and security.

With more than 14 years’ experience with malware, he has been focusing on improving detection mechanisms of Android malware and in the past couple of years has made major strides towards heightening public awareness around mobile threats and app vulnerabilities.

He has presented at several security conferences such as RSA, Virus Bulletin, Confidence, DefCamp, BountyCon, AVAR, CARO Workshop, Infoshare, Ekoparty, Code Blue, and Copenhagen CyberCrime.
Write your awesome label here.

Register here: