A SOPHISTICATED new scam attack that allows cyber thieves to instantly access the money of victims has been uncovered by experts.
The devastating scam is pulled off when targets “tap” their payment cards on their infected phones.
It's been dubbed “SuperCard X” and appears to be linked to Chinese-speaking threat actors, according to security firm Cleafy.
The ruse begins like many others, with individuals receiving a fake text or message claiming to be from their bank.
These messages say there has been a suspicious transaction on their account and that they need to call a number to resolve it.
pose as bank support staff and trick victims into revealing their card number, PIN and removing spending limits within their app.
But matters take a different turn next when the scammer tells them to install an app that's meant to be a security or verification tool.
Instead, it hides the SuperCard X malware.
The crook finally urges the person to tap their payment card on their phone to verify it.
However, this doesn't protect their account – it allows the malware to read the card chip data, which is instantly sent off to the fraudster.
“As highlighted in this report, this new threat stands out from previous ones not so much due to the sophistication of the malware itself, but rather in terms of the fraud mechanism that relies on anovel techniqueassociated with the NFC,” Cleafy says.
“This process allows the attacker to access the stolen funds instantly and potentially outside traditional fraud channels that typically involve bank transfers.”
– which runs Android – told BleepingComputer that “no apps containing this malware are found on Google Play” based on their current detection.
“Android users are automatically protected by Google Play Protect, which is on by default on Android devices with Google Play Services,” a rep said.
“Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
