SuperCard X: Android malware uses NFC to steal credit cards
A recent report from Cleafy's Threat Intelligence team describes a newly discovered malware variant known as SuperCard X, which performs an attack over near field communication (NFC) to execute unauthorized transactions on point-of-sale (POS) systems and ATMs. The malware is Android-based and has been identified as part of a fraud campaign targeting Italy.
SuperCard X takes advantage of NFC technology, allowing the attacker to intercept and relay NFC communications from compromised devices. To do so, the attacker uses social engineering via SMS and phone calls to trick victims into downloading a malicious application that captures payment card data when the card is in close proximity to the infected device. This data is transmitted in real time through a command and control (C&C) infrastructure to a device controlled by the attacker, enabling immediate fraudulent payment collection. In addition, the communication uses HTTP over TLS to encrypt and authenticate connections, preventing unauthorized access to the C&C infrastructure.
One of the most notable features of SuperCard X is its low detection rate by antivirus solutions and tools. This is because the malware focuses on capturing NFC data, which allows the attacker to access stolen funds instantly and potentially outside of traditional fraud channels that typically involve bank transfers.