Zimperium zLabs discovered over 760 Android apps misusing NFC and HCE to steal payment data, with a notable increase in attacks since April 2024. These malicious apps impersonate trusted institutions and operate through a command-and-control system, making detection difficult. Financial institutions and users need to be wary of unfamiliar apps requesting NFC access.