Cleafy researchers have discovered traces of a new malware attacking Android smartphones. Dubbed SuperCard X, the malware targets users' bank cards. To achieve its goals, the virus deploys NFC relay attacks. This type of cyberattack targets contactless systems, such as bank cards or smartphones using NFC (Near Field Communication) technology, by intercepting communications between two devices. The virus is very similar to NGate, another similar virus discovered by ESET.
Fake customer service
First, the hackers will contact the target via SMS or WhatsApp. The scammers will pretend to be the victim's bank. This is a very common technique among cybercriminals. To cause panic in their contact, they will then pretend to have a suspicious transaction on their bank account. To resolve the problem and block other potentially fraudulent transactions, the target must call a phone number.
At the end of the line, a hacker will impersonate the bank's customer service. Little by little, this fake support service will convince the victim to provide their card number and PIN for verification purposes. The scammer then pushes the contact to lift the spending limits on their account by logging into their bank's app on their smartphone. The hacker then asks them to install a malicious app that pretends to be a legitimate and harmless security app.
It is this app that contains the code for SuperCard X. The virus is discreet and manages to slip under the radar of most antivirus programs. It doesn't require many Android permissions and "only collects NFC data and transmits it over a communication channel, making it less detectable." However, it hasn't managed to enter the Play Store. When questioned by Bleeping Computer, Google stated that no app "containing this malware has been found on Google Play." Over the phone, the scammer asks the victim to place their contactless bank card on their smartphone. The scammer claims that this is only to verify the card's validity. In reality, it allows the virus implanted on the smartphone to read the card's NFC data. This data is sent to the hackers behind the attack. The attackers then use a special app called Tapper to clone the bank card. The app turns the Android phone into a fake NFC terminal, which can behave as if it were the victim's physical card. From there, hackers can use their own phones to make purchases or pay for services by debiting the target's bank account. Payments are, of course, contactless. To avoid fraud alerts, cybercriminals often stick to small transactions.
According to Cleafy's investigation, the hackers behind the attack are from China. The scammers sell their tools, including the SuperCard X virus, through a subscription. Cyberattacks based on NFC and remote bank card cloning have been reported in Italy. It is highly likely that operations of this type are underway in other countries in Europe, and even around the world.
Source: Cleafy
0 Comments