CyberSecurity news

Bill Toulas@BleepingComputer //
A new malware-as-a-service (MaaS) platform, called 'SuperCard X', has surfaced, targeting Android devices. This malware leverages Near-Field Communication (NFC) relay attacks to facilitate unauthorized point-of-sale (POS) and Automated Teller Machine (ATM) transactions. It operates by using compromised payment card data obtained through social engineering tactics. Victims are often lured into downloading a malicious application via SMS or phone calls, which then captures payment card data when the card is in proximity to the infected device.

This sophisticated Android-based malware is part of a fraud campaign that combines social engineering, malware distribution, and NFC data interception. The captured data is relayed in real time through a Command and Control (C2) infrastructure to an attacker-controlled device, enabling immediate fraudulent cash withdrawals and purchases. The malware’s architecture includes two applications: “Reader”, which captures NFC card data, and “Tapper”, which receives this data and performs the fraud. The two apps communicate over HTTP through the C2 infrastructure, which employs mutual TLS (mTLS) to secure and authenticate connections.

SuperCard X exhibits a low detection rate among antivirus solutions due to its narrow focus on NFC data capture and minimal permission requirements. Cleafy Threat Intelligence researchers identified code similarities between SuperCard X and the open-source NFCGate tool, as well as another Android malware called NGate. This type of attack represents a significant escalation in fraud capabilities, extending beyond the usual targets of banking institutions to directly impact payment providers and card issuers.


Classification:
  • HashTags: #AndroidMalware #NFCrelay #FinancialFraud
  • Company: Cleafy
  • Target: Android users
  • Product: Android
  • Feature: NFC relay attacks
  • Malware: SuperCard X
  • Type: Malware
  • Severity: Major