Accommodation Dubai
MENU
    • Loading ...
    • Loading ...
  • Loading ...
  • Loading ...
Main Pages
Top Cities
Top Regions
Top Districts
Top Countries
booking

Accommodation Dubai

Latest News

Android scam lets hackers use your credit card remotely

21 May 2025 By foxnews

Android scam lets hackers use your credit card remotely

Accommodation Dubai introduces

Scammers are always coming up with new tricks. Just when you start feeling confident about spotting phishing emails, suspicious links and fake banking apps, they find a new angle. Lately, they have been getting more creative, turning to the built-in features of our phones to pull off their schemes. One of the latest targets is NFC, the technology behind tap-to-pay. 

It might seem harmless, but a new scam is using it in ways most people would never expect. An Android malware called SuperCard goes beyond just stealing your card details. It gives attackers the ability to use your card remotely for real transactions. And the worst part is that it all begins with something as simple as a text message.

Join the FREE "CyberGuy Report": Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free "Ultimate Scam Survival Guide" when you sign up!

SuperCard X stands out from other Android malware because of how it operates. As reported by researchers at Cleafy, instead of stealing usernames, passwords or verification codes, it uses a method called NFC relay. This allows attackers to copy card data from a victim's device in real time and use it elsewhere to make payments or withdraw cash. The process does not require physical access to the card or knowledge of the PIN.

The malware is offered through a Malware-as-a-Service model, which means different cybercriminals can use it in their own regions. This makes the threat more scalable and harder to contain. Unlike most banking trojans, SuperCard X is not focused on one specific institution. It targets any cardholder regardless of which bank issued their card.

Another key difference is how stealthy the malware is. It uses minimal permissions and does not include extra features that would make it easier to detect. This lean approach helps it avoid detection by antivirus software and allows it to operate quietly on infected devices.

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH

The fraud begins with a message sent through SMS or WhatsApp. It pretends to be from a bank and warns the recipient about a suspicious transaction. The message includes a phone number and urges the person to call to resolve the issue. This is the first step in gaining the victim's trust.

Once on the phone, the attacker poses as a bank representative and walks the victim through a fake security process. This may include asking them to confirm personal details or adjust settings in their mobile banking app, such as removing spending limits on their card.

Next, the attacker asks the victim to install a mobile app that is described as a tool to verify the account or enhance security. In reality, this app contains the SuperCard X malware. After the installation, the attacker instructs the victim to tap their card against the phone. The malware then captures the NFC data from the card and sends it to a second phone controlled by the attacker.

Using the copied data, the attacker can make contactless payments or make ATM withdrawals almost instantly. This method allows them to steal funds quickly and leaves little opportunity for banks or victims to intervene in time.

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

1) Be cautious of suspicious texts and calls. Use strong antivirus software: Fraudulent campaigns often begin with an SMS or call that seems to come from your bank. These messages usually claim there's suspicious activity on your account and urge you to click a link or dial a number to resolve the issue. However, this is a tactic used to gain access to your personal information. Always approach such messages with skepticism.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2) Avoid installing apps from untrusted sources: One of the key ways malware like SuperCard X spreads is through deceptive apps that victims are persuaded to install. These apps often look harmless, posing as tools for security or account verification. If you receive a link to download an app via SMS, email or messaging apps like WhatsApp, do not click on it. Instead, only download apps from trusted sources, such as the Google Play Store. Additionally, carefully review app permissions and avoid granting unnecessary access, particularly to sensitive data like NFC, location or personal contacts.

3) Turn off NFC when not in use: NFC, or Near Field Communication, is a useful feature that allows contactless payments and data exchanges. However, it can be exploited by attackers to capture your card information without you even realizing it. To minimize your risk of falling victim to NFC-based malware like SuperCard X, turn off NFC when you're not actively using it. 

On most Android devices, you can do this by going to "Settings," then "Connected Devices" or "Connection Preferences," where you'll find the NFC toggle. By disabling NFC, your phone won't transmit data wirelessly, which helps protect your payment card information from being stolen by nearby attackers.

4) Keep a close eye on your bank accounts and cards: If your device has come into contact with the SuperCard or anything similar, it's possible your banking details are already compromised. That's why it's important to regularly check your transaction history for anything odd, like a small payment you don't remember making or a charge from a strange location could be a sign of misuse. If you spot anything suspicious, report it to your bank right away. It's also worth checking your credit reports every now and then to catch signs of identity theft before they snowball into bigger issues.

5) Use a personal data removal service: If scammers have targeted you once, there's a higher chance they'll try again, especially if your personal details (like your phone number, address or email) are easily found online. Data removal services scan people-search sites and brokers, then request the removal of your info. This reduces your exposure and helps prevent future phishing or social engineering attacks.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

6) Contact your bank and freeze your cards: If you think you've tapped or handled a suspicious card, or if your phone acted strangely afterward, don't brush it off. Call your bank and let them know what happened. They can freeze your card to stop any unauthorized payments and issue a new one for added safety. You should also ask them to monitor your account more closely for a while. On top of that, place a fraud alert with a credit bureau so no one can easily open a new line of credit in your name.

7) Consider enrolling in identity theft protection services: If you've been targeted by a sophisticated scam like SuperCard X, there's a chance your personal information, not just your card data, may be at risk. Identity theft companies can monitor personal information, like your Social Security number, phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

8) Report the scam to your national cybercrime authority: Whether or not you lost money, reporting the scam helps authorities track emerging threats and warn others. You can report such fraud to the FBI's Internet Crime Complaint Center or the Federal Trade Commission. Your report could help catch the people behind the scam or at least shut down their infrastructure.

HOW SECURE IS MY PASSWORD? USE THIS TEST TO FIND OUT

The SuperCard X malware campaign represents a significant shift in how cybercriminals are targeting individuals and financial institutions. By exploiting NFC technology and combining it with social engineering tactics, attackers have found a way to bypass traditional fraud detection systems. What's especially concerning is how quickly these attacks unfold, making them harder to detect before the damage is done. As this threat evolves, it's important for both consumers and institutions to recognize the potential risks of these multilayered fraud strategies.

Do you think Google is doing enough to protect you from malware? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Are you looking for a holiday? Get special deals.

 

More News

Booking.com
Peek-a-boo, Big Tech sees you: Expert warns just 20 cloud images can make an AI deepfake video of your child
Peek-a-boo, Big Tech sees you: Expert warns just 20 cloud images can make an AI deepfake video of your child
Chevy makes history at Daytona 500 with first electric pace car
Chevy makes history at Daytona 500 with first electric pace car
How to remove your personal info from people-search sites
How to remove your personal info from people-search sites
Expert identifies ancient 'propaganda' praising pharaoh who may have challenged Moses
Expert identifies ancient 'propaganda' praising pharaoh who may have challenged Moses
Deion Sanders sends cryptic message calling out 'false stories'
Deion Sanders sends cryptic message calling out 'false stories'
Fever's Sophie Cunningham denies allegation of affair with WNBA team executive
Fever's Sophie Cunningham denies allegation of affair with WNBA team executive
Joe Scarborough admits he was 'obviously wrong' about 'best Biden ever' comments
Joe Scarborough admits he was 'obviously wrong' about 'best Biden ever' comments
Amazon's Memorial Day sale is underway, shop the best deals for up to 65% off
Amazon's Memorial Day sale is underway, shop the best deals for up to 65% off
DAVID MARCUS: The invisible hand that governed America during Biden years
DAVID MARCUS: The invisible hand that governed America during Biden years
Rare 2,300-year-old gold ring discovered in Jerusalem's City of David
Rare 2,300-year-old gold ring discovered in Jerusalem's City of David
Two more arrested for allegedly aiding New Orleans jailbreak fugitives
Two more arrested for allegedly aiding New Orleans jailbreak fugitives
'Cheers' star George Wendt scored iconic role with a 1-word audition
'Cheers' star George Wendt scored iconic role with a 1-word audition
Washington Post urges Congress act to prevent another cover-up of president's health amid Biden revelations
Washington Post urges Congress act to prevent another cover-up of president's health amid Biden revelations
Alan Alda's Parkinson's disease management has become 'almost a full-time job'
Alan Alda's Parkinson's disease management has become 'almost a full-time job'
Illinois town moves to seize Pope Leo XIV's childhood home through eminent domain, convert to historic site
Illinois town moves to seize Pope Leo XIV's childhood home through eminent domain, convert to historic site
EXCLUSIVE VIDEO: DHS nabs numerous suspects in dramatic sting of rival LA gangs
EXCLUSIVE VIDEO: DHS nabs numerous suspects in dramatic sting of rival LA gangs
Fox News Sports Huddle Newsletter: Indy 500 ready for green flag
Fox News Sports Huddle Newsletter: Indy 500 ready for green flag
Fugitive accused of several bank robberies extradited to US after years of hiding in Ukraine
Fugitive accused of several bank robberies extradited to US after years of hiding in Ukraine
NASCAR star Ryan Blaney to showcase Bodyarmor Chill design on car for Coca-Cola 600
NASCAR star Ryan Blaney to showcase Bodyarmor Chill design on car for Coca-Cola 600
Walker Buehler of Red Sox appears to take shot at Mets' Francisco Lindor after ejection
Walker Buehler of Red Sox appears to take shot at Mets' Francisco Lindor after ejection
Latest News
ACCOMMODATION DUBAI

Promote Your Business with Accommodation Dubai.

Providing first class business listings that deliver results for both users and businesses. Please Press Claim Listing if you are the business owner.

TOP REGIONS

All Regions
Ras Al Khaimah
Fujairah
Umm Al Quwain
Dubai
Ajman
Abu Dhabi
Sharjah

TOP CITIES

All Cities
Dubai
Ra S Al Khaymah
Abu Dhabi
Al Fujayrah
Ajman Uae
Sharjah
Al Ayn

TOP DISTRICTS

All Districts

OUR PARTNERS

New Zealand Accommodation
Restaurant Find
Accommodation Bahrain
Tourism Manager
Tourism Bookings NZ
Tourism Bookings
Accommodation New Zealand
Tourism Manager
Accommodation Australia
USA Australia UK India Germany China France

copyright © 2025 Accommodation Dubai.   All rights reserved.

Accommodation Dubai Listings

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z