b2b-daily
Search
Close this search box.
Search
Close this search box.
Home | IT | Cyber Security

Hackers Exploit NFC in New Android Payment Fraud Scheme

Avatar photo
by Bairon McAdams
April 23, 2025
Image Credit: Freepik / Freepik
Hackers Exploit NFC in New Android Payment Fraud Scheme
Article Highlights
Off On

Hackers are exploiting near-field communication (NFC) technology to commit instant payment fraud through the Chinese-speaking Android malware-as-a-service platform, SuperCard X. This malware enables real-time theft by using NFC to capture payment card data and make fraudulent transactions at point of sale (PoS) terminals and ATMs.

Unlike older methods such as overlay attacks or SMS interception, SuperCard X uses contactless functionalities in modern payment cards. Infected Android devices become NFC relay stations, simplifying the fraud process. Users of SuperCard X access “Reader” and “Tapper” applications via Telegram channels, making NFC relay fraud easily accessible without complex tool development.

The attack starts with spoofed messages from banks urging victims to call a number. Scammers then pose as bank agents, instructing victims to install the SuperCard X Reader app disguised as security software. This app requires minimal NFC permissions and standard system permissions, avoiding detection by security software.

When victims tap their card against the infected device, the Reader app captures NFC-transmitted card data. This data, including Answer To Reset (ATR) messages, is sent in real-time to the attackers. The Tapper app on another device uses the relayed ATRs to emulate the victim’s card, allowing for transactions at contactless PoS terminals and ATMs. Fraudulent withdrawals increase after convincing victims to lift spending limits. SuperCard X is distinct from other Android banking Trojans, focusing on NFC relay with minimal permissions, evading most antivirus engines. An analysis by Cleafy found extensive code reuse from open-source projects, indicating quick development and easy onboarding for affiliates.

In an Italian campaign, Cleafy noted customizations like tailored APK repackaging and pre-generated login credentials, streamlining the attack. SuperCard X highlights advanced social engineering and strategic minimalism in permissions, challenging current cybersecurity defenses with its covert and effective methods.

Android

Explore more

Transformative Lessons in Business Coaching for Entrepreneurs
July 2, 2025

Business coaching has steadily become a vital asset for entrepreneurs aiming to elevate their leadership skills and ensure long-lasting success. Entrepreneurs from various fields seek the assistance of business coaches to refine their approach, optimize operations, and effectively navigate evolving market demands. This growing trend reflects an acknowledgment of the benefits derived from external expertise and objective feedback. Business coaching

Graduates Face Unusual Job Woes Amid Rising Enrollment Rates
July 2, 2025

The current economic landscape has presented young college graduates with a perplexing challenge that diverges from historical norms. Unlike previous years, recent data indicates a scenario where fresh graduates confront lower employment rates than the general working population. This anomaly raises pressing questions about the future integration of newly educated individuals into the labor market and the evolving role of

Hiring Superstars: Balancing Skills and Emotional Intelligence
July 2, 2025

In an era where competition is fierce and businesses must continually adapt to survive, the recruitment process stands as a critical pillar for organizational success. Beyond the obvious need to fill job vacancies, hiring superstars involves a delicate balance between skills and emotional intelligence. Successful hiring sets the trajectory not only for departmental success but also for shaping the overall

Is Embedded Finance Transforming Traditional Banking?
July 2, 2025

In the dynamic landscape of finance, embedded finance emerges as a transformative player, bridging the gap between financial services and everyday transactions. This concept integrates financial services like payments, credit, and insurance directly into non-financial companies’ platforms, fundamentally altering how consumers access banking services. By embedding these capabilities into digital environments, such as e-commerce sites or mobile apps, embedded finance

Embedded Finance Revolutionizes Global Financial Services
July 2, 2025

Innovations in monetary transactions have radically altered the financial landscape, and embedded finance now stands at the forefront as an influential force. This transformative concept integrates financial services like payments, lending, and insurance seamlessly into non-financial platforms, offering users a frictionless transactional experience. Embedded finance reduces the need for consumers to engage with separate providers, creating a streamlined journey that