Android users need to be cautious of a new threat, especially when it comes to payment cards. A new malware called “SuperCard X” has been identified targeting Android devices through NFC relay frauds.
SuperCard X Malware Targets Android Devices with NFC Relay Frauds
A new malware called SuperCard X has been discovered by researchers at Cleafy, actively targeting Android devices with fraudulent activities. The malware exploits NFC technology to carry out its malicious activities.
NFC (Near-Field Communication) is a short-range wireless communication technology that enables contactless payments, transactions, and file sharing. While NFC technology is meant to provide a secure way of device communication, it is also susceptible to malicious attacks. SuperCard X is one such malware that takes advantage of NFC technology.
SuperCard X conducts NFC relay attacks against Android devices, leading to financial losses for the victims. These attacks allow the hackers to fraudulently authorize POS transactions and contactless ATM withdrawals by intercepting NFC communications.
The malware is spread to potential victims through social engineering tactics, tricking users into downloading malicious apps. Once installed on a device, the malware prompts users to tap their payment cards, enabling it to carry out fraudulent transactions and steal data.
To deceive users into downloading the malware, the threat actors impersonate legitimate apps, such as banking apps. Once installed, the app requests minimal permissions, primarily requiring NFC access. The unsuspecting victim grants the permission, allowing the malware to conduct fraudulent activities without raising suspicion.
Although the exact identity of the threat actors remains unclear, researchers have linked the malware to Chinese origins. The distribution of the malware is observed through a Chinese Malware-as-a-Service (MaaS) platform, with similarities to the NGate malware.
Cleafy researchers have noted active targeting of users in Italy by SuperCard X. They have provided a detailed analysis of the malware in their report.
Stay Alert Against Social Engineering Tactics
To protect against such threats, users should remain vigilant against social engineering tactics. Avoid clicking on links or downloading attachments from unknown sources. Download apps only from official sources and verify the authenticity of attachments through other means of contact. Additionally, use robust anti-malware solutions to prevent known malware attacks.
Share your thoughts in the comments section below.
