A recent report by Cleafy uncovered SuperCardX, a sophisticated Malware-as-a-Service (MaaS) operation used for conducting NFC relay fraud—a technique that allows attackers to perform unauthorized contactless transactions, such as ATM banking withdrawals, by relaying communication between a victim’s device and a payment terminal. The campaign enables cybercriminals to exploit NFC-enabled devices remotely, posing a serious threat to the integrity of mobile payments and banking.
What makes SuperCardX particularly dangerous is the combination of advanced capabilities—remote device control, NFC communication relay, and credential theft—delivered through malware that is highly modular and adaptable. The report also highlights that the detection rate across the security industry is currently low, leaving many users and financial institutions exposed to this emerging threat.
Zimperium’s Mobile Threat Defense (MTD) and Mobile Runtime Protection (zDefend) solutions stand out in this context: they detect all the samples shared in the original report with high accuracy and in a zero-day fashion, thanks to their robust on-device dynamic detection engine. As attackers innovate with tactics like NFC relay fraud, Zimperium continues to provide proactive, reliable protection to stay ahead of evolving mobile threats.
For more information, read the full report here.