SuperCard X Android Malware Enables Contactless ATM and PoS Fraud

A newly identified Android malware, dubbed “SuperCard X,” is enabling cybercriminals to execute contactless ATM and point-of-sale (PoS) fraud through sophisticated NFC (Near Field Communication) relay attacks. This malware-as-a-service (MaaS) platform is primarily targeting banking customers in Italy, exploiting social engineering tactics to compromise payment card data.   

Victims receive deceptive SMS or WhatsApp messages impersonating bank alerts, prompting them to call a specified number under the pretense of addressing suspicious account activity.

Upon calling, attackers pose as bank representatives, persuading victims to install a malicious application disguised as security software. During the call, victims may also be manipulated into revealing their PINs and removing card spending limits.

The installed malware, acting as a “Reader,” captures NFC transmissions when victims are instructed to tap their payment cards against their infected devices. This data is then relayed to a “Tapper” application controlled by the attackers, facilitating unauthorized transactions.

Google has acknowledged the threat, emphasizing that no such malicious apps are present on the Google Play Store. The company advises users to remain vigilant, avoid installing apps from unknown sources, and keep Google Play Protect enabled to safeguard against emerging threats. 
