b2b-daily
Home | IT | Cyber Security

Hackers Exploit NFC in New Android Payment Fraud Scheme

Avatar photo
by Bairon McAdams
April 23, 2025
Image Credit: Freepik / Freepik
Hackers Exploit NFC in New Android Payment Fraud Scheme
Article Highlights
Off On

Hackers are exploiting near-field communication (NFC) technology to commit instant payment fraud through the Chinese-speaking Android malware-as-a-service platform, SuperCard X. This malware enables real-time theft by using NFC to capture payment card data and make fraudulent transactions at point of sale (PoS) terminals and ATMs.

Unlike older methods such as overlay attacks or SMS interception, SuperCard X uses contactless functionalities in modern payment cards. Infected Android devices become NFC relay stations, simplifying the fraud process. Users of SuperCard X access “Reader” and “Tapper” applications via Telegram channels, making NFC relay fraud easily accessible without complex tool development.

The attack starts with spoofed messages from banks urging victims to call a number. Scammers then pose as bank agents, instructing victims to install the SuperCard X Reader app disguised as security software. This app requires minimal NFC permissions and standard system permissions, avoiding detection by security software.

When victims tap their card against the infected device, the Reader app captures NFC-transmitted card data. This data, including Answer To Reset (ATR) messages, is sent in real-time to the attackers. The Tapper app on another device uses the relayed ATRs to emulate the victim’s card, allowing for transactions at contactless PoS terminals and ATMs. Fraudulent withdrawals increase after convincing victims to lift spending limits. SuperCard X is distinct from other Android banking Trojans, focusing on NFC relay with minimal permissions, evading most antivirus engines. An analysis by Cleafy found extensive code reuse from open-source projects, indicating quick development and easy onboarding for affiliates.

In an Italian campaign, Cleafy noted customizations like tailored APK repackaging and pre-generated login credentials, streamlining the attack. SuperCard X highlights advanced social engineering and strategic minimalism in permissions, challenging current cybersecurity defenses with its covert and effective methods.

Android

Explore more

Trend Analysis: AI in Real Estate
December 26, 2025

Navigating the real estate market has long been synonymous with staggering costs, opaque processes, and a reliance on commission-based intermediaries that can consume a significant portion of a property’s value. This traditional framework is now facing a profound disruption from artificial intelligence, a technological force empowering consumers with unprecedented levels of control, transparency, and financial savings. As the industry stands

Insurtech Digital Platforms – Review
December 26, 2025

The silent drain on an insurer’s profitability often goes unnoticed, buried within the complex and aging architecture of legacy systems that impede growth and alienate a digitally native customer base. Insurtech digital platforms represent a significant advancement in the insurance sector, offering a clear path away from these outdated constraints. This review will explore the evolution of this technology from

Trend Analysis: Insurance Operational Control
December 26, 2025

The relentless pursuit of market share that has defined the insurance landscape for years has finally met its reckoning, forcing the industry to confront a new reality where operational discipline is the true measure of strength. After a prolonged period of chasing aggressive, unrestrained growth, 2025 has marked a fundamental pivot. The market is now shifting away from a “growth-at-all-costs”

AI Grading Tools Offer Both Promise and Peril
December 26, 2025

The familiar scrawl of a teacher’s red pen, once the definitive symbol of academic feedback, is steadily being replaced by the silent, instantaneous judgment of an algorithm. From the red-inked margins of yesteryear to the instant feedback of today, the landscape of academic assessment is undergoing a seismic shift. As educators grapple with growing class sizes and the demand for

Legacy Digital Twin vs. Industry 4.0 Digital Twin: A Comparative Analysis
December 26, 2025

The promise of a perfect digital replica—a tool that could mirror every gear turn and temperature fluctuation of a physical asset—is no longer a distant vision but a bifurcated reality with two distinct evolutionary paths. On one side stands the legacy digital twin, a powerful but often isolated marvel of engineering simulation. On the other is its successor, the Industry