<p>Efani</p><p>🚨 A new Android malware campaign is using NFC relay attacks to clone credit cards — and it’s nearly invisible to antivirus tools.</p><p>Security researchers have discovered 'SuperCard X', a malware-as-a-service (MaaS) platform that allows cybercriminals to steal card data and make contactless payments using compromised Android devices.</p><p>Key highlights from the report:<br>- Distributed via social engineering scams through fake SMS or WhatsApp messages<br>- Victims are tricked into installing a malicious app disguised as a bank “verification” tool<br>- Once installed, it uses NFC to read card chip data and sends it to a second attacker device<br>- Attackers use a companion app to emulate the victim’s card and make payments or ATM withdrawals</p><p>🔍 What makes it dangerous:<br>- SuperCard X requests minimal permissions, making it hard to detect<br>- It uses ATR-based card emulation and mutual TLS (mTLS) for secure communication<br>- Malware is not flagged by any antivirus engines on VirusTotal<br>- Transactions are small, instant, and look legitimate to banks — making them harder to detect or reverse</p><p>🛡️ Google responded saying Play Protect is active and currently no such apps are listed on Google Play.
But since these apps spread outside the store, Android users remain at risk — especially if they sideload apps or fall for impersonation scams.</p><p>This is a textbook example of how mobile payment infrastructure is being exploited — and why NFC security deserves more attention in mobile-first threat models.</p><p>At <span class="h-card" translate="no"><a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Efani</span></a></span> we’re committed to helping protect high-risk users from silent, evasive mobile threats just like this.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/AndroidMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AndroidMalware</span></a> <a href="https://infosec.exchange/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/EfaniSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EfaniSecure</span></a> <a href="https://infosec.exchange/tags/SuperCardX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SuperCardX</span></a> <a href="https://infosec.exchange/tags/FintechFraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FintechFraud</span></a> <a href="https://infosec.exchange/tags/MalwareAsAService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MalwareAsAService</span></a></p>