CyberSecurity SEE

The new Android SuperCard X malware utilizes NFC-Relay technique for POS & ATM transactions

The emergence of a new malware strain named SuperCard X has raised concerns in the cybersecurity community because of its innovative use of Near-Field Communication (NFC) technology to carry out unauthorized transactions at Point-of-Sale (POS) systems and Automated Teller Machines (ATMs).

The discovery of SuperCard X was detailed in a report by the Cleafy Threat Intelligence team, who identified this Android-based malware as part of a sophisticated fraud campaign primarily targeting Italy. This malware utilizes a novel NFC-relay attack method to intercept and relay NFC communications from compromised devices, allowing threat actors to capture payment card data when the card is in close proximity to the infected device.

The fraud campaign associated with SuperCard X involves various tactics, including social engineering via SMS and phone calls, malware distribution, and NFC data interception. Victims are deceived into downloading a malicious application, which then captures payment card data and relays it in real-time to an attacker-controlled device for immediate fraudulent cash-outs.

One of the notable features of SuperCard X is its remarkably low detection rate by antivirus solutions, attributed to its focus on narrow NFC data capture that requires minimal permissions, making it less conspicuous to traditional security measures. The malware consists of two separate applications, “Reader” for capturing NFC card data and “Tapper” for conducting the fraud. Communication between these apps is secured using mutual TLS (mTLS) over a Command and Control (C2) infrastructure to prevent unauthorized access.

According to Cleafy, the NFC-relay attack facilitated by SuperCard X represents a significant escalation in fraud capabilities, posing a threat not only to banking institutions but also to payment providers and card issuers. The malware’s codebase shares similarities with NGate, indicating a possible evolution from earlier tooling.

The distribution of SuperCard X through the Malware-as-a-Service (MaaS) model emphasizes the need for financial institutions to enhance their security measures and vigilance. Because the malware can be deployed across different regions, with custom builds tailored to specific campaigns, the adaptability and sophistication of cyber threats continue to grow.

The impact of SuperCard X underscores a new challenge in combating cyber fraud, where the use of NFC technology introduces a disruptive element to traditional financial systems. The immediate access to fraudulently obtained funds by attackers amplifies the urgency to detect and counter such threats effectively.

Financial institutions and cybersecurity experts are advised to revise their detection strategies and protective mechanisms to mitigate the risks posed by the evolving landscape of malware. Indicators of Compromise (IOCs) associated with SuperCard X, including specific hash values and C2 servers, provide crucial information for identifying and responding to potential breaches.

In conclusion, the emergence of SuperCard X highlights the ongoing battle against cyber fraud and the need for continuous improvements in cybersecurity defenses to stay ahead of increasingly sophisticated threats. Vigilance and collaboration within the cybersecurity community are essential to protect financial systems and prevent future attacks.
