A new malware threatens the bank data of those who have WhatsApp on an Android device. This malware It is known as Supercard x and is aimed at the devices that have the Google operating system. Through NFC retransmission attacksaims to access their victims’ bank cards to steal money.
As reported from the cybersecurity company Cleafythe attack begins with the Sending a SMS or a fraudulent WhatsApp message that supplants a bank and urges the victim to call a number to correct an incidence related to a suspicious transaction.
If the victim pins and calls, it will be the scammer who Taking the role of an operator of the bank will request your Card number and pin To process the problem solution. As a security measure, he asks him to install a Malicious app called Readerbut that, in reality, is what contains the malware Supercard X.
This application demands few permits, but one of them is access to the NFC moduleso if it is granted, the scammer can steal the card data, although if this is already suspicious, the next step is devastating. Specifically, asks the victim to bring her payment card to the phonewhich makes no sense, but that allows malware Read the chip data and send it to the criminals.
Very difficult to detect
These data reach another Android device that uses an application called Tapper to be able to Recreate the victim’s card with stolen information and make NFC payments in stores, and in ATMs (it is detected as legitimate). Of course, with established quantity limits, which does it more complicated to detect.
Supercard X is related to malicious actors from China and attacks in Italy have been detected. According to the company, it is very difficult to detect, being impossible for more than 60 different antivirus and is distributed through channels of Telegram where it offers support for ‘clients’.
Sign up to us Newsletter And receive the latest news about technology in your mail.
