A sophisticated Android malware campaign dubbed ‘SuperCard X’ has emerged as a significant threat to financial institutions and cardholders worldwide. This new malicious software employs an innovative Near-Field Communication (NFC) relay technique that enables attackers to fraudulently authorize Point-of-Sale (POS) payments and perform Automated Teller Machine (ATM) withdrawals by intercepting and relaying NFC communications from compromised devices. Unlike traditional banking trojans that focus on credential theft or screen overlays, SuperCard X represents an evolution in mobile threats by targeting the physical communication layer between payment cards and terminals. The impact of this threat extends beyond traditional banking fraud paradigms, as it directly targets payment card transactions rather than specific banking institutions.

The malware operates through a well-orchestrated fraud scheme combining social engineering tactics with technological exploitation, creating a seamless bridge between victims’ payment cards and attackers’ devices regardless of physical location. The malware is distributed through carefully crafted social engineering campaigns, where victims receive deceptive messages impersonating bank security alerts about suspicious transactions. When victims call the provided number, they unwittingly engage with threat actors who guide them through a series of actions ultimately leading to the compromise of their payment credentials. After initial contact through SMS or WhatsApp and subsequent phone manipulation, attackers convince victims to install the malicious “Reader” application on their smartphones. Victims are then instructed to tap their payment cards against their infected phones, unwittingly transmitting their card data through the malware to the attackers’ “Tapper” device, which can instantly execute fraudulent transactions at remote locations.

The SuperCard X malware employs a two-component architecture consisting of a “Reader” application installed on victims’ devices and a “Tapper” application controlled by the attackers. To ensure proper routing between various MaaS affiliates, both applications require authentication credentials, which attackers pre-generate and provide to victims during the social engineering phase. SuperCard X maintains its stealth through a minimalistic permission model, primarily requesting only the essential android.permission.NFC permission alongside standard, non-suspicious permissions associated with basic application functionality. The malware’s technical sophistication is evident in its embedded file containing multiple Answer To Reset (ATR) messages, which are typically used to initiate communication parameters between smart cards and NFC readers. By leveraging these ATRs, SuperCard X can deceive POS terminals or ATMs into recognizing the attacker’s device as a legitimate physical card, effectively bypassing proximity constraints.

Custom builds for specific campaigns, such as those targeting Italian users, feature modifications to streamline the user experience and remove references to the MaaS platform’s Telegram channels, making attribution more challenging for security researchers. Their analysis revealed significant code similarities between SuperCard X and the open-source NFCGate tool developed by the Technical University of Darmstadt, as well as another Android malware called NGate that targeted the Czech Republic earlier in 2024.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 19 Apr 2025 19:30:11 +0000