SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
This report details a newly identified and active fraud campaign, highlighting the emergence of sophisticated mobile malware leveraging innovative techniques: SuperCard X Malware: A novel Android malware offered through a Malware-as-a-Service (MaaS) model, enabling NFC relay attacks for fraudulent cash-outs. Evolving Threat Landscape: Demonstrates the continuous advancement of mobile malware in the financial sector, with NFC relay representing a significant new capability. Combined Attack Vectors: Employs a multi-stage approach combining social engineering (via smishing and phone calls), malicious application installation, and NFC data interception for highly effective fraud. Low Detection Rate: SuperCard X currently exhibits a low detection rate among antivirus solutions due to its focused functionality and minimalistic permission model. * Broad Target Scope: The fraud scheme targets customers of banking institutions and card issuers, aiming to compromise payment card data.