Rewterz

SuperCard X Malware Exploiting NFC for Financial Fraud – Active IOCs

Severity

High

Analysis Summary

A new Android malware called SuperCard X is targeting users by exploiting NFC (Near Field Communication) technology to steal credit card information and perform unauthorized transactions. This malware uses a technique known as an NFC relay attack. In this method, attackers intercept and relay NFC communications between a victim's device and payment terminals, allowing them to authorize payments or withdraw cash without the victim's knowledge.

The attack typically begins with social engineering tactics. Victims receive deceptive messages via SMS or WhatsApp, often posing as bank security alerts about suspicious activity. These messages prompt users to call a number where attackers, impersonating bank representatives, persuade them to install a malicious app disguised as a security tool. Once installed, the app requests the user to "verify" their card by tapping it against their phone, capturing the NFC data in the process.

This captured data is then transmitted in real-time to an attacker-controlled device, enabling fraudulent transactions at Point-of-Sale (POS) terminals or ATMs. Notably, this method bypasses the need for a physical card or PIN, as the transactions are processed through standard mobile payment services, making them appear legitimate and harder to detect.

SuperCard X is distributed as a Malware-as-a-Service (MaaS) on cybercrime forums, particularly those catering to Chinese-speaking audiences. Its code shares similarities with previously identified malware such as NGate, indicating a growing ecosystem of NFC-exploiting tools.

Impact

  • Credential Theft
  • Financial Loss
  • Gain Access

Indicators of Compromise

Domain Name

  • api.kingcardnfc.com
  • api.kingnfc.com
  • api.payforce-x.com

MD5

  • f949eadea1b78aa68c1a393019052bcb
  • 380f49a798e7d7ccedd12fca4f98f0e3
  • 7ec93bfdba5ceb158e5392533d85516a

SHA-256

  • 2c6b914f9e27482152f704d3baea6c8030da859c9f5807be4e615680f93563a0
  • 3f39044c146a9068d1a125e1fe7ffc3f2e029593b75610ef24611aadc0dec2de
  • 3fb91010b9b7bfc84cd0c1421df0c8c3017b5ecf26f2e7dadfe611f2a834330c

SHA1

  • 80e53f3fa70470f1cd659514315be6450b1edc58
  • 9d7ee835fe0504f2c6255e1f2176aa598db4ca78
  • 455683463f3b7fcf2cdb73ea88dc326cee881e79

Remediation

  • Block all threat indicators at your respective controls.
  • Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
  • Disable NFC on your Android device when not in use. This prevents unauthorized access to your card data via NFC relay attacks.
  • Only install apps from trusted sources like the Google Play Store. Avoid downloading apps from unknown links received via SMS or WhatsApp.
  • Be cautious of messages claiming to be from your bank, especially those urging you to install security apps or verify your card by tapping it on your phone.
  • Regularly review app permissions on your device. Revoke NFC access for apps that don't require it.
  • Keep your device's operating system and security software up to date to benefit from the latest security patches.
  • Use protective sleeves for your contactless cards to shield them from unauthorized NFC reads.
  • Monitor your bank statements and transaction histories regularly to detect any unauthorized activities promptly.
  • If you suspect that your card information has been compromised, contact your bank immediately to block the card and issue a new one.
  • Consider using mobile payment solutions that offer additional security features, such as biometric authentication, to add an extra layer of protection.
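The first two remediation steps (block the indicators, then search for them in your environment) are the part of this advisory that turns into tooling. The script below is an added example, not Rewterz's own tooling: it loads the domains and hashes listed above, sweeps resolver log lines for queries to the listed domains (including subdomains of them, case-insensitively), and hashes files on disk against the MD5, SHA-1 and SHA-256 lists. The DNS log format and the sample lines are constructed for the example; any real resolver or proxy export will need its own regex.

```python
"""Offline IOC sweep for the SuperCard X indicators in this advisory.

Added example, not part of the advisory or Rewterz tooling. The resolver log
shape parsed by DNS_LINE and the sample log lines are constructed assumptions.
"""
import hashlib
import re
from pathlib import Path

# Indicators copied from the advisory's IOC section.
IOC_DOMAINS = {"api.kingcardnfc.com", "api.kingnfc.com", "api.payforce-x.com"}
IOC_HASHES = {
    "md5": {
        "f949eadea1b78aa68c1a393019052bcb",
        "380f49a798e7d7ccedd12fca4f98f0e3",
        "7ec93bfdba5ceb158e5392533d85516a",
    },
    "sha1": {
        "80e53f3fa70470f1cd659514315be6450b1edc58",
        "9d7ee835fe0504f2c6255e1f2176aa598db4ca78",
        "455683463f3b7fcf2cdb73ea88dc326cee881e79",
    },
    "sha256": {
        "2c6b914f9e27482152f704d3baea6c8030da859c9f5807be4e615680f93563a0",
        "3f39044c146a9068d1a125e1fe7ffc3f2e029593b75610ef24611aadc0dec2de",
        "3fb91010b9b7bfc84cd0c1421df0c8c3017b5ecf26f2e7dadfe611f2a834330c",
    },
}


def domain_matches(name: str, iocs=IOC_DOMAINS) -> bool:
    """True if name is an IOC domain or a subdomain of one.

    Comparison is case-insensitive and ignores a trailing root dot, as
    resolver logs often record 'API.PAYFORCE-X.COM.'. A parent domain such as
    'kingnfc.com' is deliberately not a match: only the listed hosts and
    anything beneath them are indicators here.
    """
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in iocs)


# Constructed resolver log shape: "<timestamp> <client_ip> query: <qname> <qtype>"
DNS_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<qname>\S+)\s+(?P<qtype>\S+)"
)


def sweep_dns_log(lines, iocs=IOC_DOMAINS):
    """Return (client_ip, normalised_qname) for every query that hits an IOC domain."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if m and domain_matches(m["qname"], iocs):
            hits.append((m["client"], m["qname"].lower().rstrip(".")))
    return hits


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests of the given content."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_algorithms(data: bytes, iocs=IOC_HASHES):
    """Names of the hash lists ('md5', 'sha1', 'sha256') in which this content appears."""
    d = digests(data)
    return sorted(alg for alg, hashes in iocs.items() if d[alg] in hashes)


def sweep_directory(root, iocs=IOC_HASHES):
    """Hash every regular file under root; return {path: [matching lists]} for hits only."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            algs = matching_algorithms(p.read_bytes(), iocs)
            if algs:
                hits[str(p)] = algs
    return hits


# Constructed sample log: two hits, one unrelated query, one near-miss parent domain.
SAMPLE_DNS_LOG = [
    "2025-04-24T09:12:01Z 10.0.0.15 query: api.kingcardnfc.com A",
    "2025-04-24T09:12:03Z 10.0.0.15 query: www.example.com A",
    "2025-04-24T09:13:10Z 10.0.0.42 query: API.PAYFORCE-X.COM. A",
    "2025-04-24T09:14:00Z 10.0.0.42 query: kingnfc.com A",
]

if __name__ == "__main__":
    for client, qname in sweep_dns_log(SAMPLE_DNS_LOG):
        print(f"DNS hit: {client} -> {qname}")
    for path, algs in sweep_directory(".").items():
        print(f"file hit: {path} ({', '.join(algs)})")
```

Hash matching is only as good as the hash you compare: a repacked APK with a different checksum slips past `sweep_directory`, so treat the file sweep as confirmation of a known sample and the DNS sweep as the broader net. Keep the matched client addresses from `sweep_dns_log` as the starting point for identifying which devices had the app installed.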