SuperCard Malware Hijacks Android Devices to Steal Payment Card Data and Relay it to Attackers

F6, a leading developer of technologies to combat cybercrime, has reported the emergence of SuperCard, a malicious modification of the legitimate NFCGate program, now targeting Android users globally, with recent attacks recorded in Russia.

Initially detected in Europe during spring 2025, where it struck clients of European banks, this malware surfaced in Russia by May 2025, as per F6’s Fraud Protection department.

SuperCard exploits Near Field Communication (NFC) traffic to intercept sensitive bank card data, enabling attackers to siphon funds directly from victims’ accounts.

This spread, from a European debut to attempted attacks in Russia within a month, highlights the aggressive adaptability of cybercriminals, who appear to be testing this new strain in diverse regions without geographical restrictions.

Technical Disparities

The SuperCard malware, distributed via a Malware-as-a-Service (MaaS) platform named SuperCard X, was first flagged by Italian cybersecurity firm Cleafy in April 2025.

Unlike earlier malicious versions of NFCGate sold on the darknet, SuperCard is uniquely marketed through Telegram channels with customer support, primarily in Chinese and English, targeting users of major banks in the US, Australia, and Europe.

According to the report, F6’s Threat Intelligence Department uncovered these channels, noting the malware’s subscription-based model and multilingual support.

Technical analysis by F6 revealed significant differences in functionality and code structure among SuperCard samples, suggesting development by multiple attacker groups.

This fragmentation indicates a dynamic ecosystem of cybercrime where tools are continuously refined.

The impact in Russia alone is staggering, with damages from NFCGate variants reaching 432 million rubles in Q1 2025, affecting over 175,000 Android devices.

As Dmitry Ermakov, head of F6’s Fraud Protection, warns, the rapid evolution of these threats, evidenced by weekly new modifications, poses a steep challenge, with attackers borrowing successful tactics from global campaigns to target Russian bank clients.

Protective Measures Against SuperCard Exploits

To counter SuperCard, F6 urges users to exercise caution by avoiding interactions with unknown contacts, refraining from clicking suspicious links, and installing apps only from trusted stores like Google Play or RuStore after checking reviews.

Users should also scrutinize app permissions for NFC access and default payment settings, deleting any unfamiliar or unsolicited applications.
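The user-side checks above (app source, NFC permission, default payment app) can be run over adb from a computer. The script below is an added example, not code from F6 or from this article. It assumes USB debugging is enabled, that `pm list packages -3 -i` and `dumpsys package` print in the formats shown in the constructed samples, and that the device exposes its default payment app in the `nfc_payment_default_component` secure setting. The trusted-installer set holds only Google Play's `com.android.vending`; add the installer package name of any other store you trust.

```python
import subprocess
import sys
NFC_PERMISSION = "android.permission.NFC"
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; add other stores you trust

# Constructed sample output (made-up package names), used when --device is not given.
SAMPLE_LIST = ("package:com.example.wallet  installer=com.android.vending\n"
               "package:com.example.reader  installer=null\n"
               "package:com.example.notes  installer=com.android.vending\n")
SAMPLE_DUMPS = {  # com.example.notes is left out: its dump lists no NFC permission
    "com.example.wallet": "    requested permissions:\n      android.permission.NFC\n",
    "com.example.reader": "    install permissions:\n      android.permission.NFC: granted=true\n"}
SAMPLE_DEFAULT = "com.example.reader/.HceService\n"

def adb(*args):  # run one `adb shell` command on the attached device, return stdout
    return subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True).stdout

def parse_installers(listing):
    """Map package name -> installer from `pm list packages -3 -i` output."""
    found = {}
    for parts in (line.split() for line in listing.splitlines()):
        if parts and parts[0].startswith("package:"):
            fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
            found[parts[0][len("package:"):]] = fields.get("installer", "null")
    return found

def requests_nfc(dump):
    """True if the exact NFC permission is listed (not a longer name sharing the prefix)."""
    return any(line.strip().split(":")[0] == NFC_PERMISSION for line in dump.splitlines())

def audit(installers, dumps, default_payment):
    """List third-party apps that request NFC, with the reasons each needs a closer look."""
    default_pkg = default_payment.strip().split("/")[0]
    findings = []
    for pkg, installer in sorted(installers.items()):
        if requests_nfc(dumps.get(pkg, "")):
            reasons = [f"installer={installer}"] if installer not in TRUSTED_INSTALLERS else []
            if pkg == default_pkg:
                reasons.append("default payment app")
            findings.append((pkg, reasons))
    return findings

if __name__ == "__main__":
    listing, dumps, default = SAMPLE_LIST, SAMPLE_DUMPS, SAMPLE_DEFAULT
    if "--device" in sys.argv:  # live audit of the phone attached over adb
        listing = adb("pm", "list", "packages", "-3", "-i")
        dumps = {p: adb("dumpsys", "package", p) for p in parse_installers(listing)}
        default = adb("settings", "get", "secure", "nfc_payment_default_component")
    for pkg, reasons in audit(parse_installers(listing), dumps, default):
        print(pkg, "->", ", ".join(reasons) or "requests NFC, nothing else flagged")
```

An app that requests NFC, was not installed by a trusted store and is also the default payment app is the first candidate for removal; an NFC-requesting app with no flags still deserves a look if the user does not recognise it.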

For banks, F6 recommends bolstering anti-fraud systems with behavioral analytics, cross-channel session data, and real-time transaction risk assessment using solutions like F6 Fraud Protection.

Additional measures include verifying user geolocation and requesting physical cards during suspicious NFC transactions at ATMs.

As SuperCard continues to evolve, blending social engineering with advanced technical exploits, both individual vigilance and institutional defenses remain critical to mitigating this escalating cyber threat.
