The Cleafy Threat Intelligence team has identified a new and sophisticated Android malware campaign, dubbed "SuperCard X". This campaign employs a novel NFC-relay technique, enabling Threat Actors (TAs) to fraudulently authorize Point-of-Sale (POS) payments and Automated Teller Machine (ATM) withdrawals by intercepting and relaying NFC communications from compromised devices. The malware is distributed through social engineering tactics, deceiving victims into installing the malicious application and subsequently "tapping" their payment cards on their infected phones.
Preliminary analysis suggests that TAs are leveraging a Chinese-speaking Malware-as-a-Service (MaaS) platform promoted as SuperCard X. This malware exhibits significant code overlap with the previously documented NGate malware discovered by ESET in 2024.
This novel campaign introduces a significant financial risk that extends beyond the conventional targets of banking institutions to affect payment providers and credit card issuers directly. The combination of malware and NFC relay enables attackers to perform fraudulent cash-outs with debit and credit cards. This method demonstrates high efficacy, especially when targeting contactless ATM withdrawals.