New Malware-as-a-Service Targets Android Devices, POS, ATM Transactions

NEW YORK–A new malware-as-a-service (MaaS) platform known as “SuperCard X” has emerged and is targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data.

According to BleepingComputer.com, SuperCard X is linked to Chinese-speaking threat actors and shows code similarities with the open-source project “NFCGate and its malicious spawn, NGate, which has facilitated attacks in Europe since last year.”

The malware-as-a-service platform is promoted through Telegram channels that also offer direct support to “customers,” according to BleepingComputer.com.

SuperCard X was discovered by mobile security firm Cleafy, BleepingComputer.com reported, adding that Cleafy said it is seeing reports of attacks utilizing the Android malware in Italy.

“These attacks involved multiple samples with subtle differences, indicating that affiliates are offered the option of custom builds tailored to regional or other specific needs,” BleepingComputer.com stated. 

How It Works

According to BleepingComputer.com, the attack begins with the victim receiving a fake SMS or WhatsApp message impersonating their bank, claiming they need to call a number to resolve issues caused by a suspicious transaction.

“The call is answered by a scammer posing as bank support, who uses social engineering to trick the victim into ‘confirming’ their card number and PIN,” BleepingComputer.com reported. “They then attempt to convince the user to remove spending limits via their banking app. Finally, the threat actors convince users to install a malicious app (Reader) disguised as a security or verification tool that contains the SuperCard X malware.”

Upon installation, the Reader app requests only minimal permissions, mainly access to the NFC module, which is enough to perform the data theft, BleepingComputer.com stated.

“The scammer instructs the victim to tap their payment card to their phone to verify their cards, allowing the malware to read the card chip data and send it to the attackers,” the report said. 

‘Tapper’ App

The attackers receive this data on their Android device, which runs another app called Tapper that emulates the victim’s card using the stolen data, BleepingComputer.com reported.

“These ‘emulated’ cards allow attackers to make contactless payments at stores and ATM withdrawals, though amount limits apply,” the report added. “As these small transactions are instant and appear legitimate to the banks, they’re harder to flag and reverse.”
