Through the cloned QR code, the reporter easily scanned the code to spend successfully at the mall.
Because small swipe payments don't require a password, once a cloning attack is hit, the attacker can use their own phone and spend someone else's money entirely.
For more details, please visit the video
How scary is this "app clone"?
This is like trying to get into your hotel room in the past and needing to break the lock, but the way it is now is by copying a copy of your hotel room card and not only being able to get in and out at any time, but also spending money at the hotel in your name," the Tencent executive said metaphorically. "
Tencent Security Xuanwu Lab researcher Wang Yongke said that The attacker can completely manipulate the account on his phone, including viewing private information and even stealing the money inside。
Network security engineers told reporters that compared with past attacks, cloning attacks are more stealthy and less likely to be detected. Because instead of hacking into your phone multiple times, it just moves the content out of your phone app and operates elsewhere.