Hackers are now stealing credit card data from older Android phones using a new malware called SuperCard X that turns victims’ devices into contactless card-skimming machines, capable of draining accounts through unauthorized ATM withdrawals.
Key Takeaways
- One-third of active Android phones are vulnerable to banking malware due to outdated security patches, with millions of devices past their security update cutoff date.
- SuperCard X malware turns Android phones into malicious tap-to-pay machines that can read and transmit credit card data to hackers for fraudulent transactions.
- Attackers begin with sophisticated phishing campaigns impersonating banks, tricking victims into installing a malicious app disguised as a security tool.
- The malware is stealthy and avoids detection by most antivirus programs, making regular system updates critical for protection.
- Users can protect themselves by verifying suspicious messages directly with their bank and avoiding downloads from unknown sources.
New “SuperCard X” Malware Targets Android Users’ Banking Details
A dangerous new malware-as-a-service platform called SuperCard X is actively targeting Android users, particularly those with older devices lacking security updates. This sophisticated malware exploits the near-field communication (NFC) feature found in most Android phones to steal credit and debit card information through a technique known as NFC relay attacks. Once infected, a victim’s phone becomes a tool for criminals to harvest sensitive financial data from contactless payment cards.
“Hackers love using malware to go after your credit card details but a new malware-as-a-service platform makes it incredibly easy for them to use these stolen cards in person at stores and even at ATMs,” warns BleepingComputer.
The attack begins with convincing phishing messages that impersonate legitimate banks, urging recipients to call a fraudulent customer service number about supposed suspicious activity on their account. When victims call, they’re connected with criminals posing as bank representatives who use social engineering tactics to manipulate them into “confirming” sensitive information and installing a malicious application called “Reader.”
— The Hacker News (@TheHackersNews) November 25, 2024
How SuperCard X Operates and Evades Detection
What makes SuperCard X particularly dangerous is its ability to fly under the radar. “Most antivirus programs for Android fail to spot it,” according to cybersecurity company Cleafy. The malware requests minimal permissions during installation, appearing legitimate to unsuspecting users. Once granted access to the device’s NFC module, it can read card chip data whenever a payment card is tapped against the infected phone and immediately transmit that information to hackers.
“The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC),” reports Cleafy.
Criminals then use another application called “Tapper” to emulate victims’ payment cards for fraudulent contactless transactions and ATM withdrawals. To avoid triggering fraud detection systems, hackers typically make numerous small purchases rather than large transactions. While currently most prevalent in Italy, security experts warn that SuperCard X is available on the dark web and could quickly spread globally.
— The Hacker News (@TheHackersNews) December 9, 2024
Older Android Phones Face Elevated Security Risks
Google’s recent security reports highlight alarming vulnerabilities for users with outdated Android versions. Approximately one-third of active Android devices worldwide have surpassed their security update cutoff date, leaving millions of users exposed to potential attacks. A recent Google security update identified 62 flaws in Android systems, with two actively being exploited by hackers in the wild.
“They aren’t just missing recent patches; they stopped getting any security patches quite some time ago, maybe months or even years back,” explains Phone Arena.
Users of Android 12 or older versions face significantly higher risks when conducting banking transactions or accessing sensitive personal information. Experts strongly recommend upgrading to Android 13 or newer, which incorporates enhanced security measures specifically designed to protect financial applications. Warning signs of malware infection include unexpected pop-up advertisements, decreased device performance, unusual battery drain, and unauthorized account activity.
Protecting Yourself from Banking Malware
Security experts emphasize that prevention is the best defense against banking malware. Always verify suspicious messages by contacting your financial institution directly through official channels, not by using phone numbers or links provided in unsolicited communications. Avoid downloading applications from unknown sources or third-party app stores, and regularly check your device for security updates.
“To be on the safe side, if your Android device is currently running Android 12, Android 12L, or lower, updating the OS to Android 13 or newer is one of the most secure things you can do. If this is the scenario you are left with, another option is to just go ahead and shell out the money to buy a new Android handset,” advises Phone Arena.
When it comes to banking activities on older Android devices, experts are unambiguous: “it’s not worth the risk,” they warn. For those unable to upgrade immediately, installing reputable security software provides an additional layer of protection. Most importantly, maintain vigilance with all financial communications and regularly monitor account statements for unauthorized transactions, especially after using contactless payment methods in public places.
