Android users need to stay wary of a new threat, particularly when dealing with payment cards. Researchers have spotted new malware, “SuperCard X”, that targets Android devices with NFC relay fraud.
SuperCard X Malware Targets Android With NFC Relay Frauds
Researchers from Cleafy have spotted new malware running active campaigns in the wild. The malware, identified as SuperCard X, typically targets Android devices to commit fraud.
NFC (Near-Field Communication) is a short-range wireless communication technology that lets users make contactless payments, complete transactions and share files. While this technology is supposed to provide a safer means of device communication by replacing physical media such as payment cards or data storage drives, it is also vulnerable to malicious interference. SuperCard X is another such malware exploiting NFC technology.
Specifically, SuperCard X malware conducts NFC relay attacks against Android devices, resulting in financial losses for the victims. These attacks enable the attackers to maliciously authorize POS transactions and contactless ATM withdrawals by intercepting NFC communications.
The threat actors spread this malware to potential victims via social engineering, tricking the users into downloading malicious apps. Once the malware reaches the target device, it lures the users into tapping their payment cards on their devices.
To trick users into downloading the malware, the threat actors impersonate various legitimate apps, such as banking apps. Once downloaded, the app asks for minimal permissions, mainly requiring NFC access. Since it looks harmless, the victim is likely to grant the permission, which suffices for the malware to perform fraudulent transactions and steal data. To escape detection, the malware performs small transactions that are difficult for banks to flag and reverse.
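Because the app described above asks for little beyond NFC access, a defender reviewing a device or a managed fleet can triage on that trait. The following is an added example, not code from Cleafy or from the original article: it lists apps that request `android.permission.NFC` and were not installed by a trusted store. The trusted-installer set, the function names and the sample text (constructed, simplified from `adb shell dumpsys package` output) are assumptions.

```python
import re

# Assumption (not from the article): Google Play is the only trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}
NFC = "android.permission.NFC"

# Constructed sample, simplified from `adb shell dumpsys package` output.
# The installer value recorded for a sideloaded app varies; "null" is one case.
SAMPLE = """\
Package [com.example.bank] (1a2b3c):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.NFC
    android.permission.INTERNET
Package [com.example.reader] (4d5e6f):
  installerPackageName=null
  requested permissions:
    android.permission.NFC
    android.permission.INTERNET
Package [com.example.game] (7a8b9c):
  installerPackageName=null
  requested permissions:
    android.permission.INTERNET
"""

def parse_packages(text):
    """Map package name -> {"installer": str or None, "perms": set of str}."""
    pkgs, cur, in_perms = {}, None, False
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"Package \[([^\]]+)\]", s)
        if m:
            cur = pkgs.setdefault(m.group(1), {"installer": None, "perms": set()})
        elif cur and s.startswith("installerPackageName="):
            val = s.split("=", 1)[1]
            cur["installer"] = None if val == "null" else val
        elif cur and in_perms and re.fullmatch(r"[\w.]+", s):
            cur["perms"].add(s)
            continue  # stay inside the permission list
        in_perms = (s == "requested permissions:")
    return pkgs

def flag_nfc_sideloads(pkgs):
    """NFC-requesting apps without a trusted installer, fewest permissions first."""
    hits = [(len(p["perms"]), name) for name, p in pkgs.items()
            if NFC in p["perms"] and p["installer"] not in TRUSTED_INSTALLERS]
    return [(name, n) for n, name in sorted(hits)]
```

A hit is a prompt for manual review, not a verdict: legitimate NFC tools installed outside the store will also appear.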
While the exact identity of the threat actors isn’t clear, the researchers have traced the malware back to Chinese origin. They observed the malware distribution happening via a Chinese Malware-as-a-Service (MaaS) platform. Besides, analysis of the malware revealed SuperCard X’s similarities to the previously known NGate malware.
Cleafy researchers observed SuperCard X actively targeting users in Italy. They have shared a detailed analysis of the newly spotted malware in their report.
Be Wary Of Social Engineering
As always, the key to preventing such threats is to be wary of social engineering. Users must not trust any links or attachments received from trusted or untrusted sources to download apps or files. Instead, users must opt for the official website links to download apps, and should double-check the authenticity of attachments with the purported senders via some other means of contact to ensure legitimate downloads. Besides, users must also equip their devices with robust anti-malware solutions to block known malware.