Cleafy threat intelligence Cyber Security Experts reported the discovery of a new large -scale malicious campaign, Supercard X. This threat is directed to Android users and uses banking data through NFC technology, and allows attackers to make contactless payments and allow them to receive cash in ATMs. About it reports BAPA COMPUTER (BC).
The distribution of Supercard X is performed with social engineering methods. The victims receive identity hunting messages on behalf of the bank (according to SMS or WhatsApp) and force them to call them back from a false number. During the call, the attackers who act as a bank employee with deception receive these cards and pin code and then convince them to establish a malicious application hidden as a security tool. This malicious program containing Supercard X is then sold as a service (salary) via closed telegraph channels.
After installation, malicious application requires minimum permission mainly, mainly accessing the NFC module. Under the excuse of “verification”, the cards are asked to install them on the smartphone. Malicious software reads data from the card chip via NFC and transfers them to the virus operator. The attackers who have received data use their own Android devices to mimic the sacrifice card, which allows them to pay contactless payments in stores and to cash in ATMs. Such operations are usually performed in a small amount to avoid attracting the attention of banking monitoring systems.
Supercard X Code Analysis has revealed significant similarity with the previously discovered Ngate virus. Chinese computer pirates are assumed to be behind the campaign. A unique combination of social engineering, malicious software and the transfer of data in NFC makes this threat highly effective for cash money, especially through contactless ATMs. Cleafy experts have already recorded such attacks in Europe.
An important feature of the Supercard X is the low level of its detection – it is not recognized by the majority of antiviral systems described by the demand of minimum permits and lack of suspicious functions.
Previously OutputIn the USA, fraudsters create students to pump financial assistance.
Source: Gazeta
Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.