b2b-daily
Home | IT | Cyber Security

Hackers Exploit NFC in New Android Payment Fraud Scheme

Avatar photo
by Bairon McAdams
April 23, 2025
Image Credit: Freepik / Freepik
Hackers Exploit NFC in New Android Payment Fraud Scheme
Article Highlights
Off On

Hackers are exploiting near-field communication (NFC) technology to commit instant payment fraud through the Chinese-speaking Android malware-as-a-service platform, SuperCard X. This malware enables real-time theft by using NFC to capture payment card data and make fraudulent transactions at point of sale (PoS) terminals and ATMs.

Unlike older methods such as overlay attacks or SMS interception, SuperCard X uses contactless functionalities in modern payment cards. Infected Android devices become NFC relay stations, simplifying the fraud process. Users of SuperCard X access “Reader” and “Tapper” applications via Telegram channels, making NFC relay fraud easily accessible without complex tool development.

The attack starts with spoofed messages from banks urging victims to call a number. Scammers then pose as bank agents, instructing victims to install the SuperCard X Reader app disguised as security software. This app requires minimal NFC permissions and standard system permissions, avoiding detection by security software.

When victims tap their card against the infected device, the Reader app captures NFC-transmitted card data. This data, including Answer To Reset (ATR) messages, is sent in real-time to the attackers. The Tapper app on another device uses the relayed ATRs to emulate the victim’s card, allowing for transactions at contactless PoS terminals and ATMs. Fraudulent withdrawals increase after convincing victims to lift spending limits. SuperCard X is distinct from other Android banking Trojans, focusing on NFC relay with minimal permissions, evading most antivirus engines. An analysis by Cleafy found extensive code reuse from open-source projects, indicating quick development and easy onboarding for affiliates.

In an Italian campaign, Cleafy noted customizations like tailored APK repackaging and pre-generated login credentials, streamlining the attack. SuperCard X highlights advanced social engineering and strategic minimalism in permissions, challenging current cybersecurity defenses with its covert and effective methods.

Android

Explore more

Trend Analysis: Agentic AI in Data Engineering
January 16, 2026

The modern enterprise is drowning in a deluge of data yet simultaneously thirsting for actionable insights, a paradox born from the persistent bottleneck of manual and time-consuming data preparation. As organizations accumulate vast digital reserves, the human-led processes required to clean, structure, and ready this data for analysis have become a significant drag on innovation. Into this challenging landscape emerges

Why Does AI Unite Marketing and Data Engineering?
January 16, 2026

The organizational chart of a modern company often tells a story of separation, with clear lines dividing functions and responsibilities, but the customer’s journey tells a story of seamless unity, demanding a single, coherent conversation with the brand. For years, the gap between the teams that manage customer data and the teams that manage customer engagement has widened, creating friction

Trend Analysis: Intelligent Data Architecture
January 16, 2026

The paradox at the heart of modern healthcare is that while artificial intelligence can predict patient mortality with stunning accuracy, its life-saving potential is often neutralized by the very systems designed to manage patient data. While AI has already proven its ability to save lives and streamline clinical workflows, its progress is critically stalled. The true revolution in healthcare is

Can AI Fix a Broken Customer Experience by 2026?
January 16, 2026

The promise of an AI-driven revolution in customer service has echoed through boardrooms for years, yet the average consumer’s experience often remains a frustrating maze of automated dead ends and unresolved issues. We find ourselves in 2026 at a critical inflection point, where the immense hype surrounding artificial intelligence collides with the stubborn realities of tight budgets, deep-seated operational flaws,

Trend Analysis: AI-Driven Customer Experience
January 16, 2026

The once-distant promise of artificial intelligence creating truly seamless and intuitive customer interactions has now become the established benchmark for business success. From an experimental technology to a strategic imperative, Artificial Intelligence is fundamentally reshaping the customer experience (CX) landscape. As businesses move beyond the initial phase of basic automation, the focus is shifting decisively toward leveraging AI to build