b2b-daily
Home | IT | Cyber Security

Hackers Exploit NFC in New Android Payment Fraud Scheme

Avatar photo
by Bairon McAdams
April 23, 2025
Image Credit: Freepik / Freepik
Hackers Exploit NFC in New Android Payment Fraud Scheme
Article Highlights
Off On

Hackers are exploiting near-field communication (NFC) technology to commit instant payment fraud through the Chinese-speaking Android malware-as-a-service platform, SuperCard X. This malware enables real-time theft by using NFC to capture payment card data and make fraudulent transactions at point of sale (PoS) terminals and ATMs.

Unlike older methods such as overlay attacks or SMS interception, SuperCard X uses contactless functionalities in modern payment cards. Infected Android devices become NFC relay stations, simplifying the fraud process. Users of SuperCard X access “Reader” and “Tapper” applications via Telegram channels, making NFC relay fraud easily accessible without complex tool development.

The attack starts with spoofed messages from banks urging victims to call a number. Scammers then pose as bank agents, instructing victims to install the SuperCard X Reader app disguised as security software. This app requires minimal NFC permissions and standard system permissions, avoiding detection by security software.

When victims tap their card against the infected device, the Reader app captures NFC-transmitted card data. This data, including Answer To Reset (ATR) messages, is sent in real-time to the attackers. The Tapper app on another device uses the relayed ATRs to emulate the victim’s card, allowing for transactions at contactless PoS terminals and ATMs. Fraudulent withdrawals increase after convincing victims to lift spending limits. SuperCard X is distinct from other Android banking Trojans, focusing on NFC relay with minimal permissions, evading most antivirus engines. An analysis by Cleafy found extensive code reuse from open-source projects, indicating quick development and easy onboarding for affiliates.

In an Italian campaign, Cleafy noted customizations like tailored APK repackaging and pre-generated login credentials, streamlining the attack. SuperCard X highlights advanced social engineering and strategic minimalism in permissions, challenging current cybersecurity defenses with its covert and effective methods.

Android

Explore more

Intel Panther Lake Mobile Processor – Review
December 9, 2025

The relentless battle for supremacy in the high-performance mobile processor sector has reached a fever pitch, with every new release promising to redefine the boundaries of what is possible in a laptop. The Intel Panther Lake architecture represents a significant advancement in this arena. This review will explore the evolution from its predecessor, its key architectural features, leaked performance metrics,

AMD Ryzen 7 9850X3D – Review
December 9, 2025

The high-performance gaming CPU market continues its rapid evolution as a critical segment of the consumer electronics sector, with this review exploring the progression of AMD’s 3D V-Cache technology through its newest leaked processor. The purpose is to provide a thorough analysis of this upcoming chip, examining its capabilities based on available data and its potential to shift the competitive

Europe Leads the Global Embedded Finance Revolution
December 9, 2025

The most profound technological revolutions are often the ones that happen in plain sight, and across Europe’s digital economy, finance is quietly becoming invisible, seamlessly woven into the fabric of everyday commerce and communication. This research summary analyzes the monumental transformation of the continent’s financial landscape, where embedded finance is evolving from a niche service into the fundamental infrastructure of

Trend Analysis: Privacy-Preserving AI in CRM
December 9, 2025

In the relentless pursuit of a unified customer view, global enterprises now confront a fundamental paradox where the very data needed to power intelligent AI systems is locked away by an ever-expanding web of international privacy regulations. This escalating conflict between the data-hungry nature of artificial intelligence and the stringent data residency requirements of laws like GDPR and CCPA has

AI-Powered CRM Platforms – Review
December 9, 2025

For decades, the promise of a truly seamless and personalized customer experience remained just out of reach, as the very Customer Relationship Management systems designed to foster connection often created more complexity than they solved. AI-Powered CRM platforms represent a significant advancement in customer relationship management, fundamentally reshaping how businesses interact with their clients. This review will explore the evolution