New Android Clona Virus remotely with credit card mobile phone

Cyber ​​criminals have developed a new Maas Platform called Supercard X. The Maas (from malware) model allows people to rent crime tools to make cyber attacks. In this situation, Supercard X facilitates attacks that abuse NFC connection on Android mobile phones For financial theft.

The news in the world of cyber crime initially has only Italians as a target. Cybersecurity Cleafy says Supercard X, which allows criminals to receive credit card data, is offered on various channels in the telegraph.

In a report, Cleafy clearly demonstrates five main points surrounding Supercard X:

• Supercard X Maltest Software: The new Android malware offered through the salary allows NFC relay attacks for fraudulent withdrawal transactions
• Evolutionary Threats: In the financial sector, where relay NFC represents a new important capacity, the continuous progress of malware mobile
• Combined vectors: Social Engineering (through cigarettes and telephone calls) Combining NFC data intervention for combining, installation of malicious applications and fraud
• Low Perception Rate: Supercard X currently has a low perception rate among antivirus solutions due to its focused functionality and minimalist permit model.
• Target Scope: The fraud plan aims the customers of bank institutions and card publishers in order to compromise on payment card data.

Also read: “Advanced Privacy” Mode for WhatsApp speeches; Find out how it works

Who is responsible for Supercard X?

According to research, the malicious platform is operated by cyber criminals who communicate in Chinese language.

The malicious software in question brings its code similar to well -known NGATE malware described by ESET in 2024.

How are the victims attacked?

The virus is sent by SMS or WhatsApp for fake messages sent through SMS or WhatsApp for defined goals. Messages simulate emergency texts in bank transactions sent by banks and bring a telephone theme for further details.

The sacrifice is then taken to a fake phone center, a well -known blow in Brazil. The fake official is manipulated enough to get more accurate information about bank codes and pins with the data of the victims at hand.

Then according to Cleafy, the series of the whole coup starts and ends:

• PIN: Security assistants, who investigate the victim’s potential concern about fraudulent transactions, convince him to “redefine” or “control his card”. Since the victims usually do not remember the pin immediately, the invaders to guide them in the bank application to save this secret information.
• Removing the card limit: After gaining the confidence of the victim and potentially accessing the bank application, the attackers tell the victim to go to the card settings in the bank application and remove the current spending limits on your bank or credit card.
• Application Installation: Then, the attackers convince the victim to make a apparently harmless application. Usually hidden as a safety tool or verification ancillary program, a connection to this malicious application is sent by SMS or WhatsApp. Without the knowledge of the victim, this application hides the SUPERCARD X malicious software that includes NFC relay functionality
• NFC Data Capture: As a last stage of manipulation, the attackers instruct the victim to bring physical cards or credit cards closer to the infected mobile device. Supercard X malware quietly captures the card details transmitted via NFC. These data are seized in real time and transferred by a command and control infrastructure (C2) for a second Android device controlled by the invader.
• Fraudulent withdrawal: Once the victim’s card data has been re -transmitted successfully, the attackers use their second devices to perform unauthorized operations. This usually includes approach payments in POS terminals, or even more concern, withdrawal with ATMs.

“Unlike traditional fraud scenarios such as electronic transfers, which can last two working days to process and allow the time of detection and intervention, such an attack is being carried out at the moment.” “It looks like a ‘instant payment’, but with the additional advantage for the invader to obtain instant access to acquired goods or services. This creates a double advantage of the scammer: the rapid movement of stolen funds and the usability of the fraudulent process.”

How can you protect yourself

The guards in such attacks are varied: the insecurity of urgent messages received, the use of a second authentication factor, the use of antiviruses from proactive contact close to the bank responsible for accounts.

As Cleafy points out, this attack is based on relatively simple social engineering techniques, but is very effective. “The use of more than one attack vector in the same fraud campaign adds another layer of complexity. This multi -channel approach brings additional difficulties to monitoring efforts and emphasizes the need for real time -detection resources.”

Do you want to know more? Follow the entire report here. Follow the security editor in Tecmundo for more news about the Cyber ​​Crime World!