A recent investigation by KrebsOnSecurity reveals that cybercriminals, particularly from China, are revitalizing the carding industry by converting phished payment card data into mobile wallets compatible with Apple Pay and Google Pay. These criminals deploy sophisticated phishing kits that send deceptive messages via Apple iMessage and RCS, impersonating entities like the U.S. Postal Service or toll road operators. Victims who enter their card details on these fraudulent sites inadvertently provide one-time passcodes, allowing attackers to link the stolen card information to mobile wallets on devices they control. These compromised devices, each loaded with multiple digital wallets, are then sold in bulk or used for fraudulent transactions through fake e-commerce setups. Additionally, some groups offer advanced tools, such as the “ZNFC” Android app, enabling the relay of NFC transactions globally, further facilitating unauthorized tap-to-pay purchases.