Summary: A new malware-as-a-service platform called ‘SuperCard X’ targets Android devices through NFC relay attacks, enabling fraudulent point-of-sale and ATM transactions using compromised payment card data. Linked to Chinese-speaking threat actors, it operates via Telegram and utilizes social engineering tactics to install the malware on victims’ devices. Currently undetected by major antivirus engines, SuperCard X employs sophisticated methods for card emulation and secure communications.
Affected: Android devices
Key points:
- The malware is distributed via Telegram, with support and custom builds offered to affiliates.
- Attacks begin with victims receiving fraudulent messages impersonating their banks.
- Scammers use social engineering to extract card details and to get the malicious Reader app installed on the victim's device.
- The malware reads card data through NFC, allowing attackers to make contactless transactions.
- SuperCard X is undetected by antivirus engines, avoiding red flags in heuristic scans.
- The malware uses mutual TLS for secure communication, which protects its traffic against interception.