In a regarding growth for cell fee safety, cybersecurity consultants have recognized a complicated new malware pressure named “SuperCard” that exploits Android units to steal fee card information.
This malicious software, a modified model of the reliable NFCGate program, intercepts Close to Area Communication (NFC) visitors throughout contactless funds, successfully turning compromised telephones into relay units that transmit delicate monetary data on to attackers.
First detected in April 2025 by Italian safety agency Cleafy, SuperCard initially focused European banking clients earlier than increasing its attain.
The malware operates as a part of a well-organized “malware-as-a-service” (MaaS) platform referred to as SuperCard X, which cybercriminals can subscribe to by means of underground Telegram channels.
In contrast to earlier NFC-exploiting threats, SuperCard presents subscribers subtle buyer help companies, reflecting the more and more skilled nature of right this moment’s cybercrime ecosystem.
Habr researchers recognized that the assault begins with social engineering techniques, the place victims obtain messages from seemingly reliable sources urging them to put in what seems to be a helpful software.
As soon as put in, the malware requests permissions to entry the machine’s NFC module and fee techniques, establishing itself because the default fee handler.
// Simplified illustration of SuperCard’s NFC interception mechanism
@Override
public void onTagDiscovered(Tag tag) {
IsoDep isoDep = IsoDep.get(tag);
strive {
isoDep.join();
byte[] command = {0x00, 0xA4, 0x04, 0x00, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x42, 0x10, 0x10};
byte[] end result = isoDep.transceive(command);
// Intercept and ahead card information to C2 server
sendToAttacker(end result);
} catch (Exception e) {
Log.e(“SuperCard”, “Error speaking with card”, e);
}
}
An infection Mechanism and Knowledge Exfiltration
The sophistication of SuperCard lies in its multi-stage an infection course of. After set up, the malware stays dormant till it detects a fee transaction.
When a consumer makes an attempt to make a contactless fee, SuperCard prompts within the background, capturing the transaction information whereas permitting the reliable fee to proceed.
This stealth strategy ensures victims stay unaware of the compromise whereas their card particulars are transmitted to command-and-control servers.
F6 safety analysts report that SuperCard has already compromised over 175,000 Android units in Russia alone, with damages exceeding 432 million rubles within the first quarter of 2025.
The malware’s fast world unfold demonstrates the evolving menace panorama for cell fee techniques, requiring customers to train excessive warning when putting in purposes, even those who seem reliable.
Energy up early menace detection, escalation, and mitigation with ANY.RUN’s Risk Intelligence Lookup. Get 50 trial searches.
