Tuesday, May 6, 2025

New Android SuperCard X Malware Uses NFC-Relay Technique for POS & ATM Transactions


A new malware strain known as SuperCard X has emerged, utilizing an innovative Near-Field Communication (NFC)-relay attack to execute unauthorized transactions at Point-of-Sale (POS) systems and Automated Teller Machines (ATMs).

Detailed in a recent report by the Cleafy Threat Intelligence team, this Android-based malware has been identified as part of a sophisticated fraud campaign targeting Italy.

[Figure: SuperCard X malware fraud schema]

Rising Threats in Mobile Malware

The SuperCard X malware capitalizes on NFC technology, allowing threat actors to intercept and relay NFC communications from compromised devices.


Victims are deceived through social engineering into downloading a malicious application, which then captures payment card data when the card is held close to the infected device.

This data is relayed in real-time via a Command and Control (C2) infrastructure to an attacker-controlled device, enabling immediate fraudulent cash-outs.

The campaign showcases a blend of social engineering via SMS and phone calls, malware distribution, and NFC data interception.

[Figure: Example of SMS messages]

A Low Detection Rate and Advanced Techniques

One of the alarming features of SuperCard X is its notably low detection rate by antivirus solutions.

This can be attributed to the malware’s narrow focus on NFC data capture, which reduces the need for extensive permissions, thereby making it less conspicuous to traditional security measures.
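
The detection gap described above, shown as an added example (not code from Cleafy or from this article): a scorer that counts high-risk permissions misses an app that asks only for NFC and network access, while a rule targeted at that combination catches it. The high-risk list, the threshold, the inventory fields, the package names, and the use of the installer field as a sideloading signal are all assumptions.

```python
# Assumed "high-risk" list of the kind a permission-count scorer weights (not from the report).
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.SYSTEM_ALERT_WINDOW",
}
NFC, NET = "android.permission.NFC", "android.permission.INTERNET"
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; add your MDM's installer

def count_score(app):
    """Baseline heuristic: how many high-risk permissions the app requests."""
    return len(HIGH_RISK & set(app["permissions"]))

def nfc_relay_candidate(app, approved=frozenset()):
    """Targeted rule: NFC plus network, untrusted installer, not an approved app."""
    perms = set(app["permissions"])
    return (NFC in perms and NET in perms
            and app.get("installer") not in TRUSTED_INSTALLERS
            and app["package"] not in approved)

def triage(inventory, threshold=3, approved=frozenset()):
    """Return {package: (flagged_by_count, flagged_by_nfc_rule)} for analyst review."""
    return {app["package"]: (count_score(app) >= threshold,
                             nfc_relay_candidate(app, approved))
            for app in inventory}

# Constructed inventory rows; package names are hypothetical.
SAMPLE_INVENTORY = [
    {"package": "com.example.cardverify", "installer": None,
     "permissions": [NFC, NET]},
    {"package": "com.example.smsbanker", "installer": None,
     "permissions": [NET, "android.permission.READ_SMS",
                     "android.permission.RECEIVE_SMS",
                     "android.permission.READ_CONTACTS",
                     "android.permission.SYSTEM_ALERT_WINDOW"]},
    {"package": "com.example.transitwallet", "installer": "com.android.vending",
     "permissions": [NFC, NET]},
    {"package": "com.example.corpbadge", "installer": "com.example.mdm",
     "permissions": [NFC, NET]},
]

if __name__ == "__main__":
    for pkg, flags in triage(SAMPLE_INVENTORY, approved={"com.example.corpbadge"}).items():
        print(pkg, flags)
```

The targeted rule is a review queue, not a verdict: legitimate NFC apps distributed outside a trusted store will also match until they are added to the approved set.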

The malware’s architecture includes two applications: “Reader” for capturing NFC card data and “Tapper” for receiving this data and performing the fraud.

The two apps communicate over HTTP through the C2 infrastructure, which employs mutual TLS (mTLS) to secure and authenticate connections, preventing unauthorized access.

According to Cleafy, this type of attack represents a significant escalation in fraud capabilities, extending beyond the usual targets of banking institutions to directly impact payment providers and card issuers.

The fraud mechanism allows for instant access to funds, evading traditional fraud detection timelines.

The malware’s codebase shows similarities with NGate, another Android malware discovered in 2024, indicating a potential evolution from pre-existing technologies.

Because SuperCard X is distributed through a Malware-as-a-Service (MaaS) model, its potential impact is widespread, and there is a pressing need for financial institutions to enhance their vigilance.

This malware’s ability to operate across different regions and its use of custom builds tailored for specific campaigns, such as those observed in Italy, underscores the adaptability and growing sophistication of these cyber threats.

The SuperCard X malware represents a new front in the ongoing battle against cyber fraud, leveraging NFC technology in a manner that could potentially disrupt traditional financial systems.

The immediate usability of the fraudulently obtained funds by attackers adds a layer of urgency to detect, analyze, and combat such threats.

Financial institutions and security experts are urged to adapt their detection strategies and protection mechanisms to mitigate the risks posed by this evolving malware landscape.

Indicators of Compromise (IOCs)

Hash | App name
2c6b914f9e27482152f704d3baea6c8030da859c9f5807be4e615680f93563a0 | Verifica Carta
3f39044c146a9068d1a125e1fe7ffc3f2e029593b75610ef24611aadc0dec2de | SuperCard X
3fb91010b9b7bfc84cd0c1421df0c8c3017b5ecf26f2e7dadfe611f2a834330c | KingCard NFC

C2 Servers:

  • api.kingcardnfc[.]com
  • api.kingnfc[.]com
  • api.payforce-x[.]com
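
An added example (not from Cleafy or the original article) of sweeping resolver or proxy logs and an installed-APK hash inventory for the indicators listed above. The log line format, the inventory shape and all sample rows are constructed; the hashes are assumed to be SHA-256 from their length.

```python
import re

# Indicators copied from this article; domains are defanged as published.
C2_DEFANGED = ["api.kingcardnfc[.]com", "api.kingnfc[.]com", "api.payforce-x[.]com"]
APK_HASHES = {  # assumed SHA-256 (64 hex characters)
    "2c6b914f9e27482152f704d3baea6c8030da859c9f5807be4e615680f93563a0": "Verifica Carta",
    "3f39044c146a9068d1a125e1fe7ffc3f2e029593b75610ef24611aadc0dec2de": "SuperCard X",
    "3fb91010b9b7bfc84cd0c1421df0c8c3017b5ecf26f2e7dadfe611f2a834330c": "KingCard NFC",
}
C2_HOSTS = {d.replace("[.]", ".").lower() for d in C2_DEFANGED}  # refang for matching

def normalize_host(value):
    """Reduce a logged hostname or URL to a bare lowercase hostname."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value.strip().lower())
    host = host.split("/", 1)[0].split("@")[-1]  # drop path and any userinfo
    host = re.sub(r":\d+$", "", host)            # drop port
    return host.rstrip(".")                      # drop DNS root dot

def matches_c2(value):
    """True for a listed host or a subdomain of one; lookalike names do not match."""
    host = normalize_host(value)
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)

def sweep_logs(lines):
    """Assumed line format: '<timestamp> <client-ip> <hostname-or-url>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 3 and matches_c2(fields[2]):
            hits.append((fields[0], fields[1], normalize_host(fields[2])))
    return hits

def sweep_apks(inventory):
    """inventory rows: (device, hash of installed APK); returns (device, app name) hits."""
    return [(dev, APK_HASHES[h.lower()]) for dev, h in inventory if h.lower() in APK_HASHES]

# Constructed sample data (not real telemetry).
SAMPLE_LOG = [
    "2025-05-06T09:14:02Z 10.20.3.41 api.kingnfc.com.",
    "2025-05-06T09:14:05Z 10.20.3.41 API.PayForce-X.com",
    "2025-05-06T09:15:11Z 10.20.7.9 api.kingnfc.com.cdn.example.net",
    "2025-05-06T09:16:40Z 10.20.7.9 xapi.kingcardnfc.com",
    "2025-05-06T09:17:40Z 10.20.8.2 https://api.kingcardnfc.com:443/v1",
]
KINGCARD = next(h for h, name in APK_HASHES.items() if name == "KingCard NFC")
SAMPLE_APKS = [("tablet-07", KINGCARD.upper()), ("phone-12", "0" * 64)]

if __name__ == "__main__":
    print(sweep_logs(SAMPLE_LOG))
    print(sweep_apks(SAMPLE_APKS))
```

Matching is anchored on the full hostname, so case differences, trailing dots and ports still hit while names that merely contain an indicator as a prefix or substring do not.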


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
