SuperCard X: New Android Malware Enabling NFC Relay Attacks on ATMs and PoS Systems

A novel Malware-as-a-Service (MaaS) platform called SuperCard X has emerged, enabling cybercriminals to carry out contactless fraud at ATMs and Point-of-Sale (PoS) terminals through NFC relay attacks.

The ongoing campaign primarily targets customers of banks and card issuers in Italy, according to the fraud prevention firm Cleafy. The service is reportedly promoted via Telegram channels, using social engineering tactics that combine deceptive SMS or WhatsApp messages (smishing), phone calls, and malicious apps.

SuperCard X uses mutual TLS (mTLS) for C2 infrastructure, and different “Reader” versions feature subtle login screen variations—suggesting affiliate-based custom builds tailored for diverse campaigns.

Google is reportedly developing a new Android feature to block app installations from unknown sources and restrict permission grants to accessibility services during phone calls—specifically to tackle threats like SuperCard X.

Users should remain vigilant: check app descriptions and permissions, avoid suspicious downloads, and keep Google Play Protect enabled to safeguard against emerging threats.