Android Scam allows computer pirates to use their credit card remotely
Scammers are always presenting new tricks. Just when you start feeling safe to detect phishing emails, suspicious links and false banking applications, they find a new angle. Lately, they have become more creative, resorting to the incorporated characteristics of our phones to achieve their schemes. One of the last objectives is NFC, the technology behind Tap-to-Pay.
It may seem harmless, but a new scam is using it in a way that most people would never expect. An Android malware called Supercard goes beyond just stealing the details of your card. It gives attackers the ability to use their letter remotely for real transactions. And the worst part is that everything starts with something as simple as a text message.
Usa to the “Cyberguy Free Report: Obtain my expert technology advice, critical security alerts and exclusive offers, in addition to instant access to my Survival guide for the free final scam “ When you register!
An Android phone (Kurt “Cyberguy” Knutsson)
What makes Supercard X different?
Supercard X stands out from another Android malware due to how it works. As reported by Cleafy researchersinstead of stealing user names, passwords or verification codes, use a method called NFC relay. This allows attackers to copy data from the device card of a victim in real time and use them elsewhere to make payments or remove cash. The process does not require physical access to the PIN card or knowledge.
Malware is offered through a malware model as a service, which means that different cybercriminals can use it in their own regions. This makes the threat more scalable and more difficult to contain. Unlike most banking Trojans, Supercard X does not focus on a specific institution. He addresses any card holder, regardless of which bank issued his card.
Another key difference is how stealthy is malware. Use minimal permits and does not include additional features that will facilitate detection. This Lean approach helps you avoid detection through antivirus software and allows you to operate silently on infected devices.
Totally undetectable supercardx (FUD | Cleafy) (Kurt “Cyberguy” Knutsson)
200 million social media records filtered in data violation x Major X
How the scam works
Fraud begins with a message sent through SMS or WhatsApp. It pretends to be from a bank and warns the recipient about a suspicious transaction. The message includes a phone number and urges the person to call to solve the problem. This is the first step to obtain the victim’s trust.
Once on the phone, the attacker passes through a bank representative and walks the victim through a false security process. This may include asking them to confirm personal data or adjust the configuration in their mobile bank application, such as eliminating the expenditure limits on your card.
Next, the attacker asks the victim to install a mobile application that is described as a tool to verify the account or improve security. Actually, this application contains the supercard X malware. After the installation, the attacker instructs the victim to touch his card against the phone. The malware then captures the NFC data from the card and sends them to a second phone controlled by the attacker.
Using the copied data, the attacker can make contactless payments or make automatic cashiers almost instantly. This method allows them to steal funds quickly and leaves few opportunities for banks or victims to intervene in time.
A woman moving on her phone (Kurt “Cyberguy” Knutsson)
Malware exposes 3.9 billion passwords in a great threat of cybersecurity
8 ways in which it can be kept safe from the supercard x malware
1) Be careful with suspicious texts and calls. Use strong antivirus software: Fraudulent campaigns often begin with an SMS or a call that seems to come from their bank. These messages generally claim that there is suspicious activity in your account and urges you to click or mark a number to solve the problem. However, this is a tactic used to obtain access to your personal information. Always address such messages with skepticism.
The best way to safeguard the malicious links that install malware, which potentially access their private information, is to have strong antivirus software installed on all its devices. This protection can also alert it to the PHISHING Electronic Correos and Ransomware scams, maintaining their personal information and their safe digital assets. Get my elections for the best antivirus protection winners 2025 for your Windows, Mac, Android and iOS devices.
2) Avoid installing applications from non -reliable sources: One of the key ways in which malware is propagated as Supercard X is through deceptive applications that victims are convinced to install. These applications are often harmless, posing as tools for security or account verification. If you receive a link to download an application through SMS, email or messaging applications such as WhatsApp, do not click on it. Instead, just download applications from sources of trust, such as Google Play Store. In addition, carefully review application permits and avoid giving unnecessary access, particularly confidential data such as NFC, location or personal contacts.
3) NFC turn off when not in use: NFC, or close field communication, is a useful feature that allows non -contact payments and exchanges. However, the attackers can explode it to capture the information of their letter without noticing. To minimize your risk of being a victim of NFC -based malware such as Supercard X, NFC turns off when you are not actively using it.
In most Android devices, you can do it to “configuration”, then “connected devices” or “connection preferences”, where you will find the NFC alternation. By disabled NFC, your phone will not transmit data wirelessly, which helps protect your payment card information to be stolen by nearby attackers.
4) Be attentive to your accounts and bank cards: If your device has come into contact with the Supercard or something similar, it is possible that its bank details are already compromised. That is why it is important to regularly verify the history of your transaction to obtain something strange, such as a small payment that you do not remember having made or a position from a strange location could be a sign of misuse. If you see something suspicious, inform your bank immediately. It is also worth checking your credit reports from time to time to detect identity theft signs before they are snowball in larger problems.
5) Use a personal data elimination service: If the scammers have directed it once, there is a greater possibility that they try again, especially if their personal data (such as their phone number, address or email) are easily online. Data disposal services scan sites and people search for people, then request the elimination of their information. This reduces your exposure and helps prevent future Phishing or Social Engineering attacks.
While no service can guarantee the complete elimination of your Internet data, a data removal service is really an intelligent option. They are not cheap and it is not your privacy. These services do all the work by you by actively monitoring and systematically erasing your personal information from hundreds of websites. It is what gives me peace of mind and has proven to be the most effective way to erase your personal internet data. By limiting the available information, it reduces the risk of cross -references data of infractions with information they can find in the dark network, which makes it difficult to be pointed out. See my best selections to obtain data removal services here.
6) Contact your bank and freeze your cards: If you think you have taken advantage of or managed a suspicious card, or if your phone acted strangely afterwards, do not brush it. Call your bank and make them know what happened. You can freeze your card to stop unauthorized payments and issue a new for more security. You must also ask them to control your account more closely for a while. In addition to that, place a fraud alert with a credit office so that no one can easily open a new credit line to your name.
7) Consider registering identity theft protection services: If it has been the target of a sophisticated scam as Supercard X, there is the possibility that your personal information, not only your card data, can be at risk. Identity theft companies can monitor personal information, such as their social security number, telephone number and email address, and alert it if it is sold on the dark website or used to open an account. They can also help you freeze your bank and credit card accounts to avoid greater unauthorized use by criminals. See my advice and the best selections on how to protect yourself from identity theft.
8) Report the scam to its national authority of cyber crimes: Whether you have lost money or not, informing the scam helps the authorities to track emerging threats and warn others. You can inform such fraud to the FBI Internet crime complaints center or the Federal Commission. Your report could help catch people behind the scam or at least close their infrastructure.
How sure is my password? Use this test to find out
Kurt key takeway
The Supercard X malware campaign represents a significant change in how cybercriminals are aimed at financial individuals and institutions. When exploiting NFC technology and combining it with social engineering tactics, attackers have found a way to avoid traditional fraud detection systems. What is especially worrying is how fast these attacks develop, which makes them more difficult to detect before the damage is done. As this threat evolves, it is important that both consumers and institutions recognize the potential risks of these multicapa fraud strategies.
Do you think Google is doing enough to protect you from malware? Get us knowing in Cyberguy.com/contact.
To obtain more technological tips and safety alerts, subscribe to my free Cyberguy Report newsletter when you head Cyberguy.com/newsletter.
Ask Kurt a question or let us know what stories we would like to cover.
Follow Kurt in his social channels:
- YouTube
Answers to the most informed Cyberguys questions:
- What is the best way to protect your MAC devices, Windows, iPhone and Android to be pirate?
- What is the best way to stay private, safe and anonymous while navigating the web?
- How can I get rid of robocalls with applications and elimination services D E data?
- How do I eliminate my private internet data?
New Kurt:
- Try the new Cyberguy games (crosswords, words searches, trivia and more!)
- Cyberguy exclusive coupons and offers
Copyright 2025 Cyberguy.com. All rights reserved.
Kurt “Cyberguy” Knutsson is a award -winning technological journalist who has a deep love for technology, equipment and devices that improve life with their contributions for News & News Business that start the mornings in “News & Friends”. Do you have a technological question? Get the free Kurt’s free newsletter, share your voice, an idea of the story or comment on Cyberguy.com.