NFC-Powered Android Malware Enables Instant Cash-Outs
Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly.
Credit card security concerns theft, fraud, payment-data breaches, and safeguards that protect account details during transactions.
Search across headline titles and summaries.
Background for this topic.
Credit card data includes the card number, expiration date, CVV code, and cardholder information used to authorize payments. This data is highly sensitive because it directly enables financial transactions and access to funds. Protecting credit card data involves securing it during storage, transmission, and processing to prevent unauthorized use or theft.
Information security concerns focus on risks such as data interception during online payments, malware targeting point-of-sale systems, and unauthorized access to stored card data. Effective defenses include strong encryption, tokenization to replace card details with non-sensitive identifiers, and strict adherence to Payment Card Industry Data Security Standards (PCI DSS). These measures reduce the risk of fraud and financial loss by limiting exposure of actual card data to attackers.
Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly.
Attack Combines Social Engineering and Card Emulation to Execute Real-Time TheftHackers are using Chinese-speaking Android malware-as-a-service SuperCard X to carry out near-field communication relay attacks, siphoning payment card data and executing live point of sale and ATM transactions. Victims receive spoofed SMS or WhatsApp alerts purporting to originate from their bank.
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts