New Malware takes card data from the NFC chip

In the “I can’t believe I’m continuing to see this” department, we are probably not surprised to see more malware on a platform that continues to boast about its security.

SuperCard X is linked to Chinese-speaking threat actors and shows code similarities with the open-source project NFCGate and its malicious spawn, NGate, which has facilitated attacks in Europe since last year.

The malware-as-a-service platform is promoted through Telegram channels that also offer direct support to “customers.”

The article continues:

The attack begins with the victim receiving a fake SMS or WhatsApp message impersonating their bank, claiming they need to call a number to resolve issues caused by a suspicious transaction.

The call is answered by a scammer posing as bank support, who uses social engineering to trick the victim into “confirming” their card number and PIN. They then attempt to convince the user to remove spending limits via their banking app.

What got me was them asking to remove spending limits. By rule, we don’t know what might set off the systems to protect us from fraud, and we can’t turn that off. So nice try.

Also, regarding the paragraph that says you may get an SMS or WhatsApp message, you’ll want to pay attention, as banks don’t use WhatsApp to my knowledge, and SMS usually comes from a short code and identifies itself.

I’d say to call your bank or look online to verify things look good.

Finally, the threat actors convince users to install a malicious app (Reader) disguised as a security or verification tool that contains the SuperCard X malware.

The reader will scan your card and send the data off to the actors who can use it to charge your card.

Continuing:

Cleafy notes that SuperCard X is currently not flagged by any antivirus engines on VirusTotal and the absence of risky permission requests and aggressive attack features like screen overlaying ensures it stays off the radar of heuristic scans.

The emulation of the card is ATR-based (Answer to Reset), which makes the card appear legitimate to payment terminals and shows technical maturity and understanding of smartcard protocols.
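To make the ATR mentioned above concrete, here is an added example (not from the quoted article or from this post) that parses an ISO/IEC 7816-3 Answer to Reset and verifies its check byte. The sample ATR is constructed for illustration; the only integrity protection an ATR carries is a single XOR byte, so it describes a card and cannot authenticate one.

```python
from functools import reduce
from operator import xor

def parse_atr(atr: bytes) -> dict:
    """Parse an ISO/IEC 7816-3 Answer to Reset (ATR) into its fields."""
    if len(atr) < 2:
        raise ValueError("ATR needs at least TS and T0")
    ts, t0 = atr[0], atr[1]
    if ts not in (0x3B, 0x3F):            # direct / inverse convention
        raise ValueError(f"unknown TS byte {ts:#04x}")
    k = t0 & 0x0F                          # number of historical bytes
    y = t0 >> 4                            # bitmap: which of TA1..TD1 follow
    pos, i = 2, 1
    interface, protocols = {}, []
    while True:
        td = None
        for bit, name in enumerate("ABCD"):
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                interface[f"T{name}{i}"] = atr[pos]
                if name == "D":
                    td = atr[pos]
                pos += 1
        if td is None:                     # no TDi means no further group
            break
        protocols.append(td & 0x0F)        # low nibble: protocol T=n
        y, i = td >> 4, i + 1              # high nibble: next group's bitmap
    historical = atr[pos:pos + k]
    if len(historical) < k:
        raise ValueError("ATR truncated in historical bytes")
    pos += k
    # TCK exists only when a protocol other than T=0 is indicated; when
    # present, the XOR of every byte from T0 through TCK must be zero.
    tck_ok = None
    if any(p != 0 for p in protocols):
        if pos >= len(atr):
            raise ValueError("ATR is missing its TCK check byte")
        tck_ok = reduce(xor, atr[1:pos + 1]) == 0
        pos += 1
    if pos != len(atr):
        raise ValueError("unexpected trailing bytes after ATR")
    return {"convention": "direct" if ts == 0x3B else "inverse",
            "interface": interface, "protocols": protocols,
            "historical": historical, "tck_ok": tck_ok}

# Constructed sample: TD1 and TD2 only, historical bytes "TEST", valid TCK.
SAMPLE_ATR = bytes.fromhex("3B8480015445535413")

if __name__ == "__main__":
    print(parse_atr(SAMPLE_ATR))
```
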

A spokesperson for Google says that this app is not in Google Play and that Google Play protects you. Do I honestly believe that?

The full article is titled “New Android malware steals your credit cards for NFC relay attacks” if you want to read more.

This will get interesting.

