April 21, 2025 By Pierluigi Paganini
‘SuperCard X’ – a new MaaS – targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data.
Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs.
Attackers promote the MaaS through Telegram channels, analysis shows SuperCard X builds had Telegram links removed, likely to hide affiliate ties and hinder attribution, suggesting efforts to evade detection. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.
This campaign uses an NFC-relay technique to hijack POS and ATM transactions by relaying intercepted card data. The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. The researchers linked the campaign to the Chinese-speaking MaaS platform “SuperCard X,” they noticed the malware shares code with the NGate malware.
