b2b-daily
Home | IT | Cyber Security

Hackers Exploit NFC in New Android Payment Fraud Scheme

Avatar photo
by Bairon McAdams
April 23, 2025
Image Credit: Freepik / Freepik
Hackers Exploit NFC in New Android Payment Fraud Scheme
Article Highlights
Off On

Hackers are exploiting near-field communication (NFC) technology to commit instant payment fraud through the Chinese-speaking Android malware-as-a-service platform, SuperCard X. This malware enables real-time theft by using NFC to capture payment card data and make fraudulent transactions at point of sale (PoS) terminals and ATMs.

Unlike older methods such as overlay attacks or SMS interception, SuperCard X uses contactless functionalities in modern payment cards. Infected Android devices become NFC relay stations, simplifying the fraud process. Users of SuperCard X access “Reader” and “Tapper” applications via Telegram channels, making NFC relay fraud easily accessible without complex tool development.

The attack starts with spoofed messages from banks urging victims to call a number. Scammers then pose as bank agents, instructing victims to install the SuperCard X Reader app disguised as security software. This app requires minimal NFC permissions and standard system permissions, avoiding detection by security software.

When victims tap their card against the infected device, the Reader app captures NFC-transmitted card data. This data, including Answer To Reset (ATR) messages, is sent in real-time to the attackers. The Tapper app on another device uses the relayed ATRs to emulate the victim’s card, allowing for transactions at contactless PoS terminals and ATMs. Fraudulent withdrawals increase after convincing victims to lift spending limits. SuperCard X is distinct from other Android banking Trojans, focusing on NFC relay with minimal permissions, evading most antivirus engines. An analysis by Cleafy found extensive code reuse from open-source projects, indicating quick development and easy onboarding for affiliates.

In an Italian campaign, Cleafy noted customizations like tailored APK repackaging and pre-generated login credentials, streamlining the attack. SuperCard X highlights advanced social engineering and strategic minimalism in permissions, challenging current cybersecurity defenses with its covert and effective methods.

Android

Explore more

How Firm Size Shapes Embedded Finance Strategy
April 10, 2026

The rapid transformation of mundane business platforms into sophisticated financial ecosystems has effectively redrawn the competitive boundaries for companies operating in the modern economy. In this environment, the integration of banking, payments, and lending services directly into a non-financial company’s digital interface is no longer a luxury for the avant-garde but a baseline requirement for economic viability. Whether a company

What Is Embedded Finance vs. BaaS in the 2026 Landscape?
April 10, 2026

The modern consumer no longer wakes up with the intention of visiting a bank, because the very concept of a financial institution has migrated from a physical storefront into the digital oxygen of everyday life. This transformation marks the definitive end of banking as a standalone chore, replacing it with a fluid experience where capital management is an invisible byproduct

How Can Payroll Analytics Improve Government Efficiency?
April 10, 2026

While the hum of a government office often suggests a routine of paperwork and protocol, the digital pulses within its payroll systems represent the heartbeat of a nation’s economic stability. In many public administrations, payroll data is viewed as little more than a digital receipt—a record of transactions that concludes once a salary reaches a bank account. Yet, this information

Global RPA Market to Hit $50 Billion by 2033 as AI Adoption Surges
April 10, 2026

The quiet hum of high-speed data processing has replaced the frantic clicking of keyboards in modern back offices, marking a permanent shift in how global businesses manage their most critical internal operations. This transition is not merely about speed; it is about the fundamental transformation of human-led workflows into self-sustaining digital systems. As organizations move deeper into the current decade,

New AGILE Framework to Guide AI in Canada’s Financial Sector
April 10, 2026

The quiet hum of servers across Canada’s financial heartland now dictates more than just basic transactions; it increasingly determines who qualifies for a mortgage or how a retirement fund reacts to global volatility. As algorithms transition from the shadows of back-office automation to the forefront of consumer-facing decisions, the stakes for oversight have never been higher. The findings from the