Latest news with #Cleafy

Android scam lets hackers use your credit card remotely

Fox News

20-05-2025

Scammers are always coming up with new tricks. Just when you start feeling confident about spotting phishing emails, suspicious links and fake banking apps, they find a new angle. Lately, they have been getting more creative, turning to the built-in features of our phones to pull off their schemes. One of the latest targets is NFC, the technology behind tap-to-pay. It might seem harmless, but a new scam is using it in ways most people would never expect.

An Android malware called SuperCard goes beyond just stealing your card details. It gives attackers the ability to use your card remotely for real transactions. And the worst part is that it all begins with something as simple as a text message.

SuperCard X stands out from other Android malware because of how it operates. As reported by researchers at Cleafy, instead of stealing usernames, passwords or verification codes, it uses a method called NFC relay. This allows attackers to copy card data from a victim's device in real time and use it elsewhere to make payments or withdraw cash. The process does not require physical access to the card or knowledge of the PIN.

The malware is offered through a Malware-as-a-Service model, which means different cybercriminals can use it in their own regions. This makes the threat more scalable and harder to contain. Unlike most banking trojans, SuperCard X is not focused on one specific institution. It targets any cardholder regardless of which bank issued their card.

Another key difference is how stealthy the malware is. It uses minimal permissions and does not include extra features that would make it easier to detect. This lean approach helps it avoid detection by antivirus software and allows it to operate quietly on infected devices.

The fraud begins with a message sent through SMS or WhatsApp. It pretends to be from a bank and warns the recipient about a suspicious transaction. The message includes a phone number and urges the person to call to resolve the issue. This is the first step in gaining the victim's trust.

Once on the phone, the attacker poses as a bank representative and walks the victim through a fake security process. This may include asking them to confirm personal details or adjust settings in their mobile banking app, such as removing spending limits on their card.

Next, the attacker asks the victim to install a mobile app that is described as a tool to verify the account or enhance security. In reality, this app contains the SuperCard X malware.

After the installation, the attacker instructs the victim to tap their card against the phone. The malware then captures the NFC data from the card and sends it to a second phone controlled by the attacker. Using the copied data, the attacker can make contactless payments or ATM withdrawals almost instantly. This method allows them to steal funds quickly and leaves little opportunity for banks or victims to intervene in time.

1) Be cautious of suspicious texts and calls. Use strong antivirus software: Fraudulent campaigns often begin with an SMS or call that seems to come from your bank. These messages usually claim there's suspicious activity on your account and urge you to click a link or dial a number to resolve the issue. However, this is a tactic used to gain access to your personal information. Always approach such messages with skepticism. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

2) Avoid installing apps from untrusted sources: One of the key ways malware like SuperCard X spreads is through deceptive apps that victims are persuaded to install. These apps often look harmless, posing as tools for security or account verification. If you receive a link to download an app via SMS, email or messaging apps like WhatsApp, do not click on it. Instead, only download apps from trusted sources, such as the Google Play Store. Additionally, carefully review app permissions and avoid granting unnecessary access, particularly to sensitive data like NFC, location or personal contacts.

3) Turn off NFC when not in use: NFC, or Near Field Communication, is a useful feature that allows contactless payments and data exchanges. However, it can be exploited by attackers to capture your card information without you even realizing it. To minimize your risk of falling victim to NFC-based malware like SuperCard X, turn off NFC when you're not actively using it. On most Android devices, you can do this by going to "Settings," then "Connected Devices" or "Connection Preferences," where you'll find the NFC toggle. When NFC is disabled, your phone won't transmit data over it, which helps protect your payment card information from being stolen by nearby attackers.

4) Keep a close eye on your bank accounts and cards: If your device has come into contact with the SuperCard or anything similar, it's possible your banking details are already compromised. That's why it's important to regularly check your transaction history for anything odd. A small payment you don't remember making or a charge from a strange location could be a sign of misuse. If you spot anything suspicious, report it to your bank right away. It's also worth checking your credit reports every now and then to catch signs of identity theft before they snowball into bigger issues.

5) Use a personal data removal service: If scammers have targeted you once, there's a higher chance they'll try again, especially if your personal details (like your phone number, address or email) are easily found online. Data removal services scan people-search sites and brokers, then request the removal of your info. This reduces your exposure and helps prevent future phishing or social engineering attacks. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

6) Contact your bank and freeze your cards: If you think you've tapped or handled a suspicious card, or if your phone acted strangely afterward, don't brush it off. Call your bank and let them know what happened. They can freeze your card to stop any unauthorized payments and issue a new one for added safety. You should also ask them to monitor your account more closely for a while. On top of that, place a fraud alert with a credit bureau so no one can easily open a new line of credit in your name.

7) Consider enrolling in identity theft protection services: If you've been targeted by a sophisticated scam like SuperCard X, there's a chance your personal information, not just your card data, may be at risk. Identity theft companies can monitor personal information, like your Social Security number, phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

8) Report the scam to your national cybercrime authority: Whether or not you lost money, reporting the scam helps authorities track emerging threats and warn others. You can report such fraud to the FBI's Internet Crime Complaint Center or the Federal Trade Commission. Your report could help catch the people behind the scam or at least shut down their infrastructure.

The SuperCard X malware campaign represents a significant shift in how cybercriminals are targeting individuals and financial institutions. By exploiting NFC technology and combining it with social engineering tactics, attackers have found a way to bypass traditional fraud detection systems. What's especially concerning is how quickly these attacks unfold, making them harder to detect before the damage is done. As this threat evolves, it's important for both consumers and institutions to recognize the potential risks of these multilayered fraud strategies.

Android users must check one phone setting now - ignoring new alert may be costly

Daily Mirror

22-04-2025

There's a worrying new Android scam doing the rounds but a simple settings check will stop you from becoming its next victim.

Android users need to watch out for a scary new scam that could see their bank accounts raided and money stolen. The latest alert has been issued after security experts at Cleafy spotted a worrying trend that uses a bug called Supercard X to try and steal cash from unsuspecting users. This new attack is more complicated than most, but those who are fooled could see their accounts drained without them ever knowing anything is wrong.

According to Cleafy, the threat begins via a simple text message which is sent out to Android phones. The note, which appears to have come from the user's bank, explains that there has been some suspicious activity on their account. A number is included, with the recipient of the text then urged to call for help without delay.

Once dialled, scammers then answer the phone and attempt to trick the user into handing over account details and PIN numbers. If that wasn't bad enough, they are also told to download a new "security" app (called Reader) and then tap their bank card on their phone to verify that things are working. Sadly, the application isn't going to stop any banking threats and actually contains the harmful Supercard X bug, which then transmits data from the debit card to the scammer's phone.

Once completed, hackers then have everything they need to pay for goods using the victim's card. During the call, they even try and get the user to turn off any spending limits, which means even more money can be taken.

"The Cleafy Threat Intelligence team has identified a new and sophisticated Android malware campaign, dubbed 'SuperCard X'," Cleafy explained. "This campaign employs a novel NFC-relay technique, enabling Threat Actors to fraudulently authorise Point-of-Sale payments and Automated Teller Machine (ATM) withdrawals by intercepting and relaying NFC communications from compromised devices. The malware is distributed through Social Engineering tactics, deceiving victims into installing the malicious application and subsequently 'tapping' their payment cards on their infected phones."

It's unclear how many people have been targeted so far but reports suggest the majority of attacks are currently located in Italy. Although the UK appears unaffected for now, it's always good to know about these types of attacks and to stay alert.

Now is also a good time to check your Android phone and make sure Google's Play Protect setting is turned on as this should block any dangerous apps from being installed. Google is also keen to point out that no apps on its Play Store have yet been infected with the Supercard X bug.

Explaining more about this service, Google said: "Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

Do Not Make Calls On Your Phone If You Get This Message

Forbes

22-04-2025

Do not make calls if you see this message.

Update: Republished on April 22 with new scam message update from WhatsApp.

Your phone, your data and your money are at risk. There is a surge in Chinese attacks against iPhone and Android users in America and Europe, driven by sophisticated platforms designed in China and operated by organized gangs of cyber criminals. With millions of smartphones targeted, you will come under attack. And it all starts with a dangerous message on your phone, per the latest warning of one such attack.

Package delivery and unpaid toll texts have taken most of the headlines, but an even worse threat is proving a nightmare for phone users. This is where a helpful bank or technical support employee reaches out to let you know there's a problem and to help you fix it. This could be to protect your phone or computer from an attack or to protect your money from an ongoing fraud in real time. We even now have fake police officers and federal agents contacting citizens to solicit payment to avoid arrest.

All these calls are dangerous scams. Every single one of them. As the FBI has warned, no tech support desk or bank or law enforcement official will ever reach out to you for any of these reasons. Do not take or make these calls. And if you receive a text or email that you find worrying, use publicly available channels to find a number or email address for the organization, and contact them directly.

The latest warning from the team at Cleafy is yet more of the same. The new threat is frighteningly sophisticated. 'A significant new trend,' it says, 'challenging traditional banking institutions, payment institutions, and card issuers [with] This attack starts with an urgent text or WhatsApp message 'impersonating bank security alerts, notifying users of a suspicious outgoing payment. The message prompts potential victims to call a specific number to dispute the transaction.'

Once you make that call, you will be tricked into checking your banking app, confirming your PIN and — here's the novel bit — holding your bank card near your phone so the threat actors can read the details of the card using NFC and then make contactless transactions.

The threat actors, Cleafy explains, 'persuade the victim to install a seemingly innocuous application. A link to this malicious app, often disguised as a security tool or a verification utility, is sent via SMS or WhatsApp. Without the victim's knowledge, this application hides the SuperCard X malware, incorporating the NFC-relay functionality.'

New attack on smartphone users.

Cleafy explains the manipulation of a victim comes in three parts: Once your card has been read, the attackers initiate 'contactless payments at POS terminals or, more alarmingly, contactless cash withdrawals at ATMs.' We have seen other NFC vulnerabilities exposed, but this remote attack combined with the surge in text scams makes this easily scalable with no need for physical proximity to victims.

Just as with other scams, including the fake Google emails doing the rounds this week, the key isn't to dissect the technical cleverness of the attack, albeit it is clever. The key is to ensure smartphone users know never to take or make these calls. Once a scammer has you on the phone, they have a good chance of stealing from you. This is what they do for a living, and they're often frighteningly good at it. None of the objections you raise will be new to them, they're well rehearsed.

Don't put yourself at risk. Your bank will never reach out to you in this way — do not call any of those numbers if you receive any of those messages. It really is as simple as that.

While the majority of scams that start with messages use SMS texts, so-called smishing, this latest attack also uses WhatsApp messages to hook victims. WhatsApp is currently running a campaign to warn users 'you always have the option to block unwanted contacts or messages. When you block a contact, you'll stop receiving calls, messages and Status updates from that person.' The platform is also advising users that they can 'also block high volumes of unknown messages,' by going to 'Settings > Privacy > Advanced > Block unknown account numbers.'

What this highlights is that WhatsApp isn't immune from such abuse, albeit it's much rarer. As a rule, be very wary of any messages from unknown numbers unless you're expecting the contact and know who it is.

What's also critical is not to click links or open attachments from unknown numbers. Fortunately, 'if someone who isn't saved to your contacts sends you a link, you won't be able to tap or click on it to open it,' WhatsApp says. 'You can choose to save their phone number to your contacts if you know or trust the person. You should then be able to tap or click any links they send to open it.'

There are also protections built into group messages, given you can be added to a group. 'When you're added to a group with people who aren't saved to your contacts, you'll need to message the group to tap or click on any links.'

New Android Warning — This TOAD Malware Attack Steals Cash From ATMs

Forbes

22-04-2025

Android SuperCard X TOAD attack puts ATM and PoS transactions at risk.

Most Android malware is after one thing: your passwords. That's just the way it is these days, with infostealer malware firmly at the top of the cyber attack tree. Some attacks can lead directly to attacks on your bank balance, as recently detailed in a new report warning of smartphone PIN code threats. Now, it would seem, one group of threat actors has moved things up a gear or two with a complex campaign involving Android malware, a telephone-oriented attack delivery methodology, and, ultimately, the theft of your cash from ATMs. Welcome to the weird and worrying world of SuperCard X TOAD attacks.

Threat intelligence experts Federico Valentini, Alessandro Strino and Michele Roviello, from fraud detection platform Cleafy, have reported how a 'new and sophisticated Android malware campaign' called SuperCard X is intercepting and relaying near field communication messages from compromised devices to facilitate fraudulent ATM cash withdrawals. Yes, really. This malware can steal cash from ATMs.

'The innovative combination of malware and NFC relay empowers attackers to perform fraudulent cash-outs with debit and credit cards,' the researchers said, adding that it has demonstrated high success rates when targeting contactless ATM withdrawals.

The attack execution begins with, you guessed it, targeting social engineering tactics. The phishing messages, typically delivered by way of SMS or WhatsApp, use brand impersonation to leverage trust and add the necessary urgency to the fraud. By alerting victims to a suspicious outgoing payment, which is purported to be a bank fraud security alert, the user is prompted to call a support telephone number as a matter of some urgency.

This is where the TOAD enters the equation. A telephone-oriented attack delivery allows the fraudsters to manipulate victims directly during phone conversations. In the case of SuperCard X attacks, that manipulation flows as follows: The clever bit, assuming all of that social engineering has been successful, is that those card details are relayed in real-time to a second, attacker-controlled Android phone, used to make the contactless ATM withdrawals.

If this threat expands, Randolph Barr, chief information security officer at Cequence, told me, it will likely be due to users falling victim to social engineering and being convinced to disable built-in security protections. Obviously, that's a massive red flag, as no legitimate organization would ever ask you to do such a thing. 'This attack highlights the importance of understanding what an app does before installing or sideloading it,' Barr said while advising that Google Play offers protections against such malicious apps and should be used rather than introducing the risk of sideloading applications from other sources. 'There are ways to recognize and prevent TOAD-style attacks,' Barr concluded, suggesting that validating the legitimacy of any such request before acting on it is a great starting point.

A Google spokesperson confirmed this advice in a statement: 'Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected by Google Play Protect, which is on by default on Android devices with Google Play Services.'

Urgent warning over 'sophisticated' new mobile attack that allows hackers to empty bank accounts instantly

Scottish Sun

21-04-2025

A sophisticated new scam attack that allows cyber thieves to instantly access the money of victims has been uncovered by experts. The devastating scam is pulled off when targets "tap" their payment cards on their infected Android phones.

It's been dubbed "SuperCard X" and appears to be linked to Chinese-speaking threat actors, according to security firm Cleafy.

The ruse begins like many others, with individuals receiving a fake text or WhatsApp message claiming to be from their bank. These messages say there has been a suspicious transaction on their account and that they need to call a number to resolve it. Fraudsters pose as bank support staff and trick victims into revealing their card number and PIN and removing spending limits within their banking app.

But matters take a different turn next when the scammer tells them to install an app that's meant to be a security or verification tool. Instead, it hides the SuperCard X malware. The cyber crook finally urges the person to tap their payment card on their phone to verify it. However, this doesn't protect their account - it allows the malware to read the card chip data, which is instantly sent off to the fraudster.

"As highlighted in this report, this new threat stands out from previous ones not so much due to the sophistication of the malware itself, but rather in terms of the fraud mechanism that relies on a novel technique associated with the NFC," Cleafy says. "This process allows the attacker to access the stolen funds instantly and potentially outside traditional fraud channels that typically involve bank transfers."

Google - which runs Android - told BleepingComputer that "no apps containing this malware are found on Google Play" based on their current detection. "Android users are automatically protected by Google Play Protect, which is on by default on Android devices with Google Play Services," a rep said. "Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."
