
In a troubling development for mobile payment security, cybersecurity experts have uncovered a sophisticated new strain of malware called “SuperCard” that targets Android devices to steal payment card information.

This malicious application, a modified version of the legitimate NFCGate program, intercepts Near Field Communication (NFC) traffic during contactless payments, effectively transforming compromised phones into relay devices that transmit sensitive financial data directly to attackers.

First detected in April 2025 by the Italian security firm Cleafy, SuperCard initially focused on European banking customers before expanding its reach. The malware operates as part of a well-organized “malware-as-a-service” (MaaS) platform known as SuperCard X, which cybercriminals can subscribe to via underground Telegram channels.


Unlike previous NFC-exploiting threats, SuperCard offers subscribers advanced customer support services, highlighting the increasingly professional nature of today’s cybercrime ecosystem.

Infection Mechanism and Data Exfiltration

The attack begins with social engineering tactics, where victims receive messages from seemingly legitimate sources urging them to install what appears to be a useful application. Once installed, the malware requests permissions to access the device’s NFC module and payment systems, establishing itself as the default payment handler.

The sophistication of SuperCard lies in its multi-stage infection process. After installation, the malware remains dormant until it detects a payment transaction. When a user attempts to make a contactless payment, SuperCard activates in the background, capturing the transaction data while allowing the legitimate payment to proceed.


This stealthy approach ensures that victims remain unaware of the compromise while their card details are transmitted to command-and-control servers.
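For defenders triaging a sideloaded app, the behaviour described above (NFC access plus registration as a payment handler) leaves traces in the app's manifest. The following is an added example, not code from the article or from the researchers it cites: it assumes the manifest has already been decoded to plain XML, uses a constructed sample for a made-up package, and checks only standard Android card-emulation declarations. Legitimate wallet apps declare the same things, so a hit means "review the source of this app", not "malicious".

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Standard Android intent action a service declares to act as an emulated card (HCE).
HCE_ACTION = "android.nfc.cardemulation.action.HOST_APDU_SERVICE"

# Constructed sample: decoded manifest of a made-up package, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cardreader">
  <uses-permission android:name="android.permission.NFC"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".EmuService" android:exported="true"
             android:permission="android.permission.BIND_NFC_SERVICE">
      <intent-filter>
        <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return the NFC-relevant facts a reviewer needs from one decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # Services whose intent filter registers them for host card emulation.
    hce_services = [
        svc.get(ANDROID + "name")
        for svc in root.iter("service")
        if any(a.get(ANDROID + "name") == HCE_ACTION for a in svc.iter("action"))
    ]
    findings = {
        "package": root.get("package"),
        "nfc": "android.permission.NFC" in perms,
        "internet": "android.permission.INTERNET" in perms,
        "hce_services": hce_services,
    }
    # Triage flag: the app can emulate a card, use NFC and reach the network.
    findings["review"] = bool(hce_services) and findings["nfc"] and findings["internet"]
    return findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

An app flagged this way that did not come from the device's official app store, or whose stated purpose has nothing to do with payments, is the case worth escalating.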

F6 security analysts report that SuperCard has already compromised over 175,000 Android devices in Russia alone, with damages exceeding 432 million rubles in the first quarter of 2025. The malware’s rapid global spread underscores the evolving threat landscape for mobile payment systems, emphasizing the need for users to exercise extreme caution when installing applications, even those that appear legitimate.