The NFCShare Android malware campaign is distributing 56 malicious APKs via GitHub-hosted phishing infrastructure, targeting customers of Italian and Spanish banks including Intesa Carte, Banca Sella, Nexi, Fideuram, Mooney, and CaixaBank through NFC relay attacks designed to steal contactless payment card data in real time. There is no software patch; mitigation requires MDM policy enforcement, sideloading restriction, and mobile threat defense tooling capable of handling malformed APK analysis. Source confidence is Tier 3; validate IOCs against primary threat intelligence feeds before operationalizing.