Malware targets Android users

SuperCard-X malware turns Android phones into tools for silent theft. With just one NFC tap, your money could be gone.

22-04-2025 - 3 minute read. Posted in: cybercrime.

Android malware drains bank accounts via NFC relay attacks

A new piece of Android malware, known as SuperCard-X, has cybersecurity experts on high alert. The malware abuses a phone’s NFC functionality to perform relay attacks that allow cybercriminals to make contactless payments using stolen card credentials. All it takes is an infected device and a single tap near a payment terminal.

The malware turns your phone into a payment tool for attackers

SuperCard-X targets Android phones that have NFC enabled. Once installed, it can simulate a contactless payment by forwarding transaction data to an external server controlled by the attackers. From there, the server relays the request to a cloned card image or another compromised payment method. The response is sent back through the phone to the payment terminal, completing the transaction in real time.

Because NFC is designed for quick and seamless communication, the entire process happens in milliseconds. The device owner does not see or hear anything unusual, and there is no need for them to confirm or approve the transaction.

No phishing, no tapping, no warning

Unlike most mobile banking malware, SuperCard-X does not rely on social engineering or overlays. It does not steal login credentials or wait for a user to open their banking app. Instead, it acts silently in the background. As long as the device has NFC turned on and is close to a terminal, attackers can use it to make fraudulent payments.

This makes the malware especially dangerous. Victims may not notice any warning signs, and many Android users keep NFC enabled by default for convenience.

How devices are infected

Researchers believe that the malware is spread through sideloaded apps and phishing campaigns. Infected apps may pose as utilities or updates, tricking users into granting permissions that allow background processes and NFC access.

There is also concern that the malware could be bundled with dropper apps or distributed through unofficial app stores, making it harder for users to detect and avoid.

Who is at risk

Android users with NFC-enabled phones are the main targets. The more people keep NFC switched on, the more likely it is that attackers can carry out relay attacks in busy areas like public transport, shopping centres or offices.

There is no evidence that iPhones are affected, since iOS has more restrictions on NFC usage and background access.

How to protect your device

To reduce the risk of infection or misuse, Android users should:

  • Disable NFC when not using it

  • Avoid downloading apps from unofficial sources

  • Regularly check app permissions, especially for NFC and payment access

  • Keep their operating system and apps up to date

  • Use trusted mobile security tools that can detect abnormal behaviour
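For anyone checking a device over adb, the permission review above can be scripted. The following is an added example, not code from the original article or from any vendor: it flags apps that request NFC access but were not installed from Google Play. The sample text is constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted
NFC, NET = "android.permission.NFC", "android.permission.INTERNET"

# Constructed sample shaped like `adb shell pm list packages -i` output.
PM_LIST = """\
package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=null
package:com.example.torch  installer=null
package:com.example.tagtool  installer=com.example.thirdpartystore
"""
# Constructed excerpts shaped like `adb shell dumpsys package <name>` output.
DUMPSYS = {
    "com.example.bank": f"requested permissions:\n  {NFC}\n  {NET}\n"
                        f"install permissions:\n  {NFC}: granted=true\n",
    "com.example.reader": f"requested permissions:\n  {NFC}\n  {NET}\n",
    "com.example.torch": "requested permissions:\n  android.permission.CAMERA\n",
    "com.example.tagtool": f"requested permissions:\n  {NFC}\n",
}

def parse_installers(text):
    """Map package name -> installer (None when sideloaded or unknown)."""
    found = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)$", text, re.M):
        found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def requested_permissions(dump):
    """Collect the names listed under the 'requested permissions:' header."""
    perms, in_block = set(), False
    for line in dump.splitlines():
        s = line.strip()
        if s.endswith(":"):  # any section header opens or closes the block
            in_block = s == "requested permissions:"
        elif in_block and s:
            perms.add(s.split(":")[0])
    return perms

def audit(pm_list, dumps):
    """Return (package, installer, level) for NFC apps from untrusted sources."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_list).items()):
        perms = requested_permissions(dumps.get(pkg, ""))
        if NFC in perms and installer not in TRUSTED_INSTALLERS:
            # NFC plus network access matches the relay pattern described above
            findings.append((pkg, installer, "high" if NET in perms else "review"))
    return findings

if __name__ == "__main__":
    for finding in audit(PM_LIST, DUMPSYS):
        print(finding)
```

A flagged app is a candidate for manual review, not proof of infection; legitimate tag readers and transit apps also request NFC.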

One tap is all it takes

SuperCard-X is a reminder of how easily cybercriminals can turn everyday conveniences into attack vectors. Contactless payments are fast and seamless for users, and now for attackers too.

As mobile malware continues to evolve, staying aware of new threats and maintaining good digital hygiene are key to protecting your finances and personal data. This isn't the first time attackers have exploited device features without user interaction. For instance, a zero-click attack on WhatsApp allowed hackers to install spyware without any user action. Similarly, Signal accounts were hijacked via malicious QR codes, demonstrating how trusted functionalities can be manipulated for unauthorized access.

Author Sarah Krarup

Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.
