Find notable cyber news and cases, enriched with sources, timelines, and signals.

RelayNFC Android NFC relay malware targeting Brazilian banking users

Malware Activity
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

The RelayNFC malware is actively targeting Brazilian banking users with Android-based NFC relay attacks, creating a path to steal contactless payment data and enable remote EMV fraud. The campaign has been running since early November 2025 and uses phishing plus decoy Portuguese-language sites to distribute the malware.

Related Happenings

Ousaban banking trojan retooled for Spain and Portugal

Malware Activity
H score33 First: 01.07.2026 16:45 Last: 01.07.2026 16:45 Sources 1

About this happening: The **Ousaban** banking trojan has been **retooled** to target **banking customers in Spain and Portugal**, raising the risk of **credential theft** and **bank fraud**. It uses **...

BTMOB phishing campaign targeting Brazil and Latin America

Campaign
H score39 First: 29.05.2026 00:10 Last: 29.05.2026 00:10 Sources 1

About this happening: **BTMOB** phishing activity is using localized fake-app lures to target users in **Brazil** and **Latin America**, increasing the risk of malicious installs and account compromise...

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
H score26 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

NGate Android Brazil fake-app and fake-lottery campaign

Campaign
H score37 First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **NGate** campaign has been active since **November 2025**, targeting primarily **Android devices in Brazil** and using **fake-app** and **fake-lottery** lures to spread a malic...

NGate malware trojanized HandyPay NFC-stealing variant

Malware Activity
H score34 First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...

Timeline

  1. 03.12.2025 17:32 2 articles · 7mo ago

    Initial report: RelayNFC Android NFC relay malware targeting Brazilian banking users

    Initial Disclosure

    The initial phase focused on **phishing-driven Android installation** via Portuguese-language decoy sites, seeding **RelayNFC** so it could begin **real-time NFC relay** against payment cards.

    Show sources