

Zoom Remote Control Feature Exploited to Gain Access
April 23, 2025
Severity
High
Analysis Summary
A new Android malware called SuperCard X is targeting users by exploiting NFC (Near Field Communication) technology to steal credit card information and perform unauthorized transactions. This malware uses a technique known as an NFC relay attack. In this method, attackers intercept and relay NFC communications between a victim's device and payment terminals, allowing them to authorize payments or withdraw cash without the victim's knowledge.
The attack typically begins with social engineering tactics. Victims receive deceptive messages via SMS or WhatsApp, often posing as bank security alerts about suspicious activity. These messages prompt users to call a number where attackers, impersonating bank representatives, persuade them to install a malicious app disguised as a security tool. Once installed, the app requests the user to "verify" their card by tapping it against their phone, capturing the NFC data in the process.
This captured data is then transmitted in real time to an attacker-controlled device, enabling fraudulent transactions at Point-of-Sale (POS) terminals or ATMs. Notably, this method bypasses the need for a physical card or PIN, as the transactions are processed through standard mobile payment services, making them appear legitimate and harder to detect.
SuperCard X is distributed as a Malware-as-a-Service (MaaS) on cybercrime forums, particularly those catering to Chinese-speaking audiences. Its code shares similarities with previously identified malware such as NGate, indicating a growing ecosystem of NFC-exploiting tools.
Impact
- Credential Theft
- Financial Loss
- Gain Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Disable NFC on your Android device when not in use. This prevents unauthorized access to your card data via NFC relay attacks.
- Only install apps from trusted sources like the Google Play Store. Avoid downloading apps from unknown links received via SMS or WhatsApp.
- Be cautious of messages claiming to be from your bank, especially those urging you to install security apps or verify your card by tapping it on your phone.
- Regularly review app permissions on your device. Revoke NFC access for apps that don't require it.
- Keep your device's operating system and security software up to date to benefit from the latest security patches.
- Use protective sleeves for your contactless cards to shield them from unauthorized NFC reads.
- Monitor your bank statements and transaction histories regularly to detect any unauthorized activities promptly.
- If you suspect that your card information has been compromised, contact your bank immediately to block the card and issue a new one.
- Consider using mobile payment solutions that offer additional security features, such as biometric authentication, to add an extra layer of protection.