
Chinese cybercriminals are stealing from Android users’ bank accounts without ever touching their credit cards, using new malware that intercepts NFC payment data and lets them make unauthorized purchases remotely.
Key Takeaways
- SuperCard X malware targets Android devices by intercepting NFC payment data during legitimate transactions, allowing hackers to make unauthorized purchases without physical access to credit cards
- The attack begins with fake banking messages through SMS or WhatsApp, tricking victims into installing a malicious app called “Reader” that contains the undetectable malware
- The malware is particularly dangerous because it doesn’t require stealing credentials or PINs, uses minimal permissions to avoid detection, and can target any cardholder regardless of their bank
- Google is developing new Android security features to block installations from unknown sources and restrict accessibility settings during calls to combat this growing threat
- Users can protect themselves by rejecting app installations from unknown sources, disabling NFC when not in use, and regularly monitoring bank accounts for suspicious activity
Sophisticated Malware Operation Targets Android Users
A new cybersecurity threat is targeting Android smartphone users through a sophisticated malware operation that exploits NFC payment technology. SuperCard X, identified by Italian security firm Cleafy, is a malware-as-a-service platform developed by Chinese-speaking cybercriminals that performs relay attacks to enable fraudulent payments and ATM withdrawals. The malware has been used in targeted attacks in Italy and represents a significant shift in how criminals steal financial information, combining technical exploitation with social engineering tactics to bypass traditional security measures.
“SuperCard X is a newly identified malware-as-a-service (MaaS) platform that targets Android handsets using an advanced NFC relay technique,” said Cleafy.
The malware campaign uses a multi-step approach to steal payment information. It begins when victims receive what appears to be a legitimate banking message through SMS or WhatsApp warning about suspicious transactions. The message urges recipients to download what they believe is a legitimate banking application to verify their identity. This social engineering tactic exploits the urgency and fear created by potential financial fraud, leading users to bypass normal security precautions they might otherwise follow.
How SuperCard X Steals Your Money
What makes SuperCard X particularly dangerous is how it operates after installation. Unlike traditional banking malware that steals credentials or uses screen overlays to capture login information, SuperCard X directly intercepts NFC data. When victims tap their payment cards against their phones—thinking they’re verifying their identity—the malware captures the card’s information. The attackers then use this data with a companion “Tapper” app on another Android device to simulate the victim’s card for unauthorized purchases or ATM withdrawals.
The malware’s technical sophistication is alarming. It uses mutual TLS (mTLS) to secure connections with its command-and-control infrastructure and operates without requesting the suspicious permissions that might trigger security alerts. Even more concerning, security researchers report that the malware is currently not detected by the malware scanners on VirusTotal. This makes identifying infected devices extremely difficult for users and security professionals alike.
“According to Cleafy, SuperCard X is presently undetectable by malware scanners on VirusTotal,” said Cleafy.
The threat is further magnified by SuperCard X’s distribution model. As a malware-as-a-service platform, it can be easily deployed by various criminal groups, making it more scalable and harder to contain. Multiple variants of the Reader malware have been identified, suggesting that customized versions are being developed for specific campaigns targeting different banks or regions. This indicates a well-organized criminal operation rather than isolated attacks.
Protecting Yourself From NFC Payment Fraud
In response to these emerging threats, Google is developing new Android security features that will block app installations from unknown sources and restrict accessibility settings during calls. However, until these protections are fully implemented, Android users must take proactive steps to protect themselves. The most effective defense is to never install applications from outside the Google Play Store, especially those promoted through unsolicited messages claiming to be from banks or financial institutions.
Additional protective measures include disabling NFC capabilities when not actively making legitimate payments, regularly monitoring bank accounts for suspicious activity, and immediately reporting any unauthorized transactions to your financial institution. For those concerned about broader identity protection, consider using personal data removal services and identity theft protection plans. These additional layers of security can help minimize exposure to such sophisticated attacks and limit potential financial losses.
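Because the Reader app is installed from outside the Play Store and needs little beyond NFC access, one practical check is to list third-party apps that were not installed by a trusted store and that request the NFC permission. The script below is an added example, not code from Cleafy or from this article. It assumes the usual output layout of `adb shell pm list packages -i -3` and `adb shell dumpsys package`, treats Google Play as the only trusted installer, and uses constructed package names and sample output.

```python
import re
import subprocess
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption: add your MDM/store
NFC_PERMISSION = "android.permission.NFC"     # declared by apps that talk to NFC cards
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)")

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i -3` output."""
    pairs = (PKG_LINE.match(l.strip()) for l in pm_output.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def requests_nfc(dumpsys_output):
    """True if the 'requested permissions:' section of dumpsys lists NFC."""
    in_section = False
    for line in dumpsys_output.splitlines():
        s = line.strip()
        if s.endswith(":"):                      # a new section header starts
            in_section = s == "requested permissions:"
        elif in_section and s.split(":")[0] == NFC_PERMISSION:
            return True
    return False

def audit(installers, dumpsys_for):
    """Packages not installed by a trusted store that also request NFC."""
    return sorted(p for p, inst in installers.items()
                  if inst not in TRUSTED_INSTALLERS and requests_nfc(dumpsys_for(p)))

def audit_device():
    """Run the same audit against the device attached over adb."""
    def sh(*a):
        return subprocess.check_output(["adb", "shell", *a], text=True)
    return audit(parse_installers(sh("pm", "list", "packages", "-i", "-3")),
                 lambda p: sh("dumpsys", "package", p))

# Constructed sample output (not from a real device or a real SuperCard X sample).
PERMS = "Packages:\n  requested permissions:\n    {}\n  install permissions:\n"
SAMPLE_PM = ("package:com.example.reader  installer=null\n"
             "package:com.example.wallet  installer=com.android.vending\n"
             "package:com.example.notes  installer=com.google.android.packageinstaller\n")
SAMPLE_DUMPSYS = {
    "com.example.reader": PERMS.format("android.permission.NFC\n    android.permission.INTERNET"),
    "com.example.wallet": PERMS.format("android.permission.NFC"),
    "com.example.notes": PERMS.format("android.permission.INTERNET"),
}
def audit_sample():
    return audit(parse_installers(SAMPLE_PM), SAMPLE_DUMPSYS.__getitem__)

if __name__ == "__main__":
    print("sideloaded apps requesting NFC:", audit_sample() or "none")
```

A hit is a prompt for review, not proof of infection: legitimate sideloaded NFC tools will also appear. Call `audit_device()` with a phone attached over USB debugging to run the check on real output.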
The SuperCard X malware represents yet another example of how leftist policies that permit unrestricted illegal immigration have contributed to increased cybercrime in America. With weak border security, criminal organizations—including those linked to Chinese hacking groups—have greater opportunities to conduct operations against American citizens and businesses. President Trump’s administration has consistently prioritized cybersecurity and border protection as essential components of national security, recognizing that these issues directly impact the financial wellbeing of American citizens.