Hackers are impersonating banks to infect your Android phone with credit card-stealing malware
@Source: tomsguide.com
Anthony Spadafora
21 April 2025
They then emulate your stolen credit cards to make contactless payments and ATM withdrawals
Hackers love using malware to go after your credit card details but a new malware-as-a-service platform makes it incredibly easy for them to use these stolen cards in person at stores and even at ATMs.
As reported by BleepingComputer, SuperCard X is the platform in question and it’s currently being used to target the best Android phones via NFC relay attacks. With your credit card details in hand, the hackers behind this campaign then use them to make small transactions and withdrawals at ATMs to avoid having them flagged as fraudulent.
Discovered by the mobile security firm Cleafy, SuperCard X bears a lot of similarities to the NGate malware I covered last summer. It too uses contactless cards to commit fraud by taking over a vulnerable device’s NFC capabilities.
Here’s everything you need to know about this new Android malware threat, how to avoid falling victim to it and some tips and tricks to keep your phone malware-free and safe from hackers.
From phishing to social engineering to fraud
Just like with other malware attacks, this one begins with a victim receiving a text message or a WhatsApp message impersonating their bank. This phishing message claims that they need to call a number to resolve issues with their account caused by a suspicious transaction.
The hackers behind this campaign pose as bank support on the other end of the call and they use social engineering to trick potential victims into “confirming” their card number and PIN. From there, they then try to convince the victim to remove spending limits via their banking app which is definitely a red flag as no bank would try to do something like this over the phone.
To gain access to their credit cards, the hackers convince victims to install a malicious app called Reader that’s disguised as either a security or verification tool. As you may have guessed, it contains the SuperCard X malware.
After installation, the Reader app doesn’t request loads of unnecessary permissions like we’ve seen other malicious apps do in the past. Instead, it only asks for a few essential permissions with the main one being access to an Android device’s NFC module.
The app then tells victims to tap their payment cards to their phone and to verify them. This allows the malware to read a card’s chip data and send it back to the hackers behind this campaign. This data arrives on a hacker-controlled phone which runs another app called Tapper which is able to emulate a victim’s card using this stolen data.
The hackers then use these emulated cards to make contactless payments at stores and to withdraw small amounts of money from ATMs. Since all of these transactions are small and happen instantly, a victim’s bank likely won’t flag them as fraudulent or reverse the charges.
How to stay safe from Android malware
The good news with this campaign is that according to Cleafy’s report, SuperCard X is currently only being used by hackers and scammers in Italy. However, since it is a malware-as-a-service offering purchased on the dark web, it could easily spread to other countries and continents any day now. As such, here are a few tips and tricks to stay safe from SuperCard X and other Android malware.
In this particular campaign, the lure is an unexpected text that appears to come from your bank. It’s the kind of message you should know to avoid, but the sense of urgency it creates can still fool some people. Instead of responding to the message, you can always try looking up the phone number first. However, if the hackers or scammers spoofed your bank quite well, that number will be the same. In that case, it’s always a good idea to call your bank directly to verify something like this before responding.
Another big warning sign is when the hackers behind this campaign send potential victims a URL for an app to download to their phone. No legitimate bank would ever ask you to do something like this; instead, they’d point you to their app’s listing page on the Google Play Store.
As for staying safe from Android malware, you want to make sure that Google Play Protect is enabled on your devices. This free, built-in security app checks all of the new apps you download as well as the existing ones on your phone or tablet for malware. For additional protection though, you might want to consider running one of the best Android antivirus apps alongside it.
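Two of the tells described above, an app installed from a link rather than Google Play and one that asks for little beyond NFC access, can be checked on a device. The Python below is an added example, not code from this article or from Cleafy's report; it parses text in the format of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <name>`, using constructed sample text with made-up package names, and assumes Google Play is the only trusted installer.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play (assumed allow-list)
NFC = "android.permission.NFC"

def parse_installers(pm_list):
    """Map package -> installer from `pm list packages -3 -i` style output."""
    found = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)$", pm_list, re.M):
        found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def requested_permissions(dump):
    """Return the entries listed under 'requested permissions:' in a dumpsys excerpt."""
    perms, header_indent = set(), None
    for line in dump.splitlines():
        indent = len(line) - len(line.lstrip())
        if line.strip() == "requested permissions:":
            header_indent = indent
        elif header_indent is not None:
            if not line.strip() or indent <= header_indent:
                break  # the next section of the dump starts here
            perms.add(line.strip().split(":")[0])  # drop any ": flag=..." suffix
    return perms

def flag_sideloaded_nfc(pm_list, dumps):
    """List (package, installer, permission count) for NFC apps not from a trusted store."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_list).items()):
        perms = requested_permissions(dumps.get(pkg, ""))
        if installer not in TRUSTED_INSTALLERS and NFC in perms:
            findings.append((pkg, installer, len(perms)))
    return findings

def sample_dump(*perms):
    """Build a constructed dumpsys-style excerpt (not captured from a device)."""
    body = "".join(f"      {p}\n" for p in perms)
    return f"    requested permissions:\n{body}    install permissions:\n"

# Constructed sample data; every package name here is made up.
PM_LIST = """package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.google.android.packageinstaller
package:com.example.notes  installer=null
"""
DUMPS = {
    "com.example.bank": sample_dump("android.permission.INTERNET", NFC),
    "com.example.reader": sample_dump("android.permission.INTERNET", NFC),
    "com.example.notes": sample_dump("android.permission.INTERNET"),
}

if __name__ == "__main__":
    for pkg, installer, count in flag_sideloaded_nfc(PM_LIST, DUMPS):
        print(f"review {pkg}: installer={installer}, {count} requested permissions")
```

A hit only means the app deserves a closer look, since legitimate sideloaded NFC tools will also appear in the list.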
Now that SuperCard X is being used in attacks in the wild, I wouldn’t be surprised if other hackers and scammers started using this new malware-as-a-service in attacks in the U.S. and other countries.
By practicing good cyber hygiene and staying up to date on the latest threats (by reading this and other security articles on Tom’s Guide), you’ll be prepared to recognize the warning signs before it’s too late.