A new threat is directly targeting your bank card. Cybercriminals are using a novel method to bypass contactless security. This discreet technique relies on an unexpected flaw in your smartphone.
The threats to mobile payments are evolving rapidly. In 2024, a BlackBerry study revealed that approximately 11,500 new viruses were created every day, an increase of more than 50% compared to the previous year. This malware explosion shows how imaginative cybercriminals are to circumvent existing protections. Among the targeted technologies, NFC contactless is becoming a prime target. Now, with a simple compromised smartphone, it is possible to steal your banking data without your knowledge, without even needing to directly access your physical card.
According to a report by Cleafy, a fraud campaign called SuperCard X uses a new type of Android malware to hijack NFC communications. Hackers are able to trick users via alarming messages sent via SMS or WhatsApp. They trick them into calling a fake customer service number and then install a malicious application under the pretext of verifying their bank card. This spyware discreetly captures card information when the user passes it near their phone.
Hackers capture your banking data with SuperCard X and make contactless withdrawals whenever they want
Once the card is captured by the malware, the sensitive data is sent to a second device controlled by the hackers. This system, based on a so-called "NFC relay" attack, allows hackers to immediately make contactless payments or withdrawals at compatible ATMs. This method is particularly effective because it does not depend on a specific bank and often evades traditional detection systems.
The SuperCard X malware remains difficult for antivirus software to detect because it requests very few permissions on Android, focusing solely on the NFC function. This low activity profile makes its identification more complex. Researchers also point out that this approach is starting to spread to other malware. To protect yourself, it is essential to never install applications from links received by SMS and to always check the origin of messages before taking any action.
0 Comments