Summary: A new Android malware-as-a-service platform named SuperCard X is facilitating NFC relay attacks, targeting banking customers in Italy to steal payment card data for fraudulent cashouts. The malware is distributed via bogus apps and deceptive social engineering tactics. Researchers have identified a multi-stage infection process, combining malicious app installation with security deception to manipulate victims into revealing sensitive information.
Affected: Banking customers and financial institutions in Italy
Keypoints :
- SuperCard X employs social engineering tactics, including smishing and phone calls, to install malicious apps.
- The malware utilizes a unique NFC relay technique to authorize fraudulent transactions and ATM withdrawals.
- Google is working on new features to block app installations from unknown sources to combat such threats.
Source: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html