Novel SuperCard X MaaS platform leveraged for payment card compromise

Android devices have been targeted with the new SuperCard X malware-as-a-service platform to pilfer funds from payment cards as part of a new scam that also involves social engineering and NFC exploitation, according to The Record, a news site by cybersecurity firm Recorded Future. After sending fake bank fraud alerts deceiving targets into providing their PINs and removing card spending limits, threat actors then deliver a link purporting to be a verification or security tool to spread SuperCard X before instructing victims to ensure their cards' proximity to their devices and activate NFC to enable not only clandestine card information compromise but also the immediate exfiltration of funds, a report from Cleafy revealed. SuperCard X, which is believed to be spread by Chinese-speaking actors, was also found to resemble the NGate malware, which ESET reported to have been used to target funds belonging to three Czech banks' customers last year.