Financial institutions should be on alert for a scam that combines social engineering, previously undocumented malware and mobile phones’ near-field communication (NFC) capabilities to compromise payment cards, researchers said Friday.

The fraudsters target Android devices with “a series of well-orchestrated steps” that allow them to steal money from individual victims, according to Cleafy, the cybersecurity firm that tracked the scheme in its home country of Italy. The malware, which Cleafy is calling SuperCard X, overlaps with malicious code first reported by researchers at Slovakia-based ESET in 2024.

The abuse of NFC technology — when a device recognizes a nearby item like a payment card — is new, Cleafy says. The NFC process “allows the attacker to access the stolen funds instantly and potentially outside traditional fraud channels that typically involve bank transfers,” the report says.

The Italian job works like this: The hackers reel in a potential victim with a scary text message that impersonates a bank fraud alert. “As the final stage of the manipulation, the [threat actors] instruct the victim to bring their physical debit or credit card into proximity to their infected mobile device,” Cleafy says.

Cleafy also notes that in similar payment-card scam operations, specific banks often are the targets, but in the SuperCard X campaign, any card is potentially up for grabs. “[T]he operational context of this attack is mainly agnostic of the financial institution involved since the ultimate target of the fraudsters is the customers’ debit or credit cards, regardless of the issuing bank,” the researchers say.

SuperCard X appears to be malware-as-a-service (MaaS) offered by “Chinese-speaking” hackers, Cleafy says, meaning that the people who created the code aren’t necessarily those who are using it in Italy. “The nature of MaaS enables multiple affiliates to operate locally within their own regions or areas of specific interest,” the report says.

This Cyber News was published on therecord.media. Publication date: Fri, 18 Apr 2025 15:00:16 +0000