#AndroidMalware

2025-04-21

🚨 A new Android malware campaign is using NFC relay attacks to clone credit cards — and it’s nearly invisible to antivirus tools.

Security researchers have discovered 'SuperCard X', a malware-as-a-service (MaaS) platform that allows cybercriminals to steal card data and make contactless payments using compromised Android devices.

Key highlights from the report:
- Distributed via social engineering scams through fake SMS or WhatsApp messages
- Victims are tricked into installing a malicious app disguised as a bank “verification” tool
- Once installed, it uses NFC to read card chip data and sends it to a second attacker device
- Attackers use a companion app to emulate the victim’s card and make payments or ATM withdrawals

πŸ” What makes it dangerous:
- SuperCard X requests minimal permissions, making it hard to detect
- It uses ATR-based card emulation and mutual TLS (mTLS) for secure communication
- Malware is not flagged by any antivirus engines on VirusTotal
- Transactions are small, instant, and look legitimate to banks — making them harder to detect or reverse

πŸ›‘οΈ Google responded saying Play Protect is active and currently no such apps are listed on Google Play. But since these apps spread outside the store, Android users remain at risk β€” especially if they sideload apps or fall for impersonation scams.

This is a textbook example of how mobile payment infrastructure is being exploited — and why NFC security deserves more attention in mobile-first threat models.

At @Efani we’re committed to helping protect high-risk users from silent, evasive mobile threats just like this.

#Cybersecurity #AndroidMalware #NFC #MobileSecurity #EfaniSecure #SuperCardX #FintechFraud #MalwareAsAService

2025-04-02

Imagine buying a new phone only to discover it's been compromised from the factory. Some counterfeit Androids come preloaded with Triada malware that can steal your data and hijack crypto. How safe is your device?

thedefendopsdiaries.com/unders

#triada
#androidmalware
#cybersecurity
#malwarethreat
#infosec

Opalsec (@Opalsec@infosec.exchange)
2025-03-31

Our latest summary is out, looking at an emerging Crypto-theft Trojan and a promising new recovery tool.

Stay ahead of the curve and read the full post here: opalsec.io/daily-news-update-s

📱 Crocodilus Android Malware: This nasty piece of work is targeting crypto wallets by using fake overlays to steal seed phrases. It's bypassing security measures and using social engineering to gain access. Watch out for this one, especially if you have users in Turkey and Spain! 🇪🇸 🇹🇷

πŸ› οΈ Key Takeaways:
* πŸ”‘ Steals crypto wallet seed phrases using Accessibility Logger.
* ⚠️ Bypasses Android 13 security and Play Protect.
* πŸ€– Employs 23 bot commands, including call forwarding and RAT functionality.
* πŸ“΅ Hides activities with black screen overlays and muting.

💻 Microsoft's Quick Machine Recovery Tool: Microsoft is testing a new tool for Windows 11 that could be a game-changer for dealing with boot crashes caused by buggy drivers and configurations. Imagine remotely fixing those dreaded BSODs! 🚀

✨ Here's the lowdown:
* βš™οΈ Remotely fixes boot crashes caused by bad drivers/configs.
* 🌐 Connects to Microsoft's servers to apply fixes.
* πŸ›‘οΈ Could have made life much easier when recovering from the worldwide CrowdStrike outage from July last year.
* 🏒 Customizable for enterprise users via RemoteRemedation CSP.

Don't forget to sign up for Opalsec to get actionable insights delivered straight to your inbox! 📩 opalsec.io/daily-news-update-s

Let me know your thoughts in the comments below! 👇

#CyberSecurity #InfoSec #AndroidMalware #Crocodilus #CryptoSecurity #Windows11 #Microsoft #QuickMachineRecovery #ThreatIntelligence #MalwareAnalysis #SecurityNews #CyberThreats #Vulnerability #RiskManagement #MobileSecurity #DataProtection #infosecurity

2025-03-30

Android malware PJobRAT targets Taiwan users via fake chat apps, stealing data. #AndroidMalware #Cybersecurity #Taiwan

More details: thehackernews.com/2025/03/pjob - flagthis.com/news/12106

Tom's Hardware Italia (@tomshw)
2025-03-25

🔒 Attention! A new Android malware evades checks by using the Microsoft framework.

🔗 tomshw.it/smartphone/malware-a

2025-01-04
2024-09-15

📬 TV boxes abused for a botnet: 1.3 million devices affected
#Datenschutz #Malware #AndroidTVBoxen #AndroidMalware #AndroidVo1d #AOSP #Schadsoftware #SetTopBoxen sc.tarnkappe.info/88c665

2024-09-12

Beware: 'Ajina.Banker' Android Malware Targets Your Financial Data Bypasses 2FA Via Telegram
Attention all Android users, a new threat has emerged in the form of the ‘Ajina.Banker’ Android malware. This malicious software is specifically designed to target your financial data and has the ability to bypass...

cloudhosting.evostrix.eu/bewar

@infosec_jcp 🐈🎃 done differently (@infosec_jcp@infosec.exchange)
2024-06-22
2024-03-15

Is your Android phone a ticking time bomb? 💣 This sneaky malware is disguised as Chrome and ready to steal your data. Don't be the next victim! Get protected now 👉 wp.me/peSvjo-p0
#AndroidMalware #cybersecurity #dataprotection

2024-03-12

"Free app. Free coffee. $100,000 stolen." 😱 Don't let Android malware scams ruin your life. Get the inside scoop on how to stay safe 👇 #AndroidMalware #Cybersecurity #MobileSecurity

wp.me/peSvjo-ol

🛑 H3lium@infosec.exchange/:~# (@H3liumb0y@infosec.exchange)
2023-12-22

"🔒 Chameleon Malware's New Disguise: Hijacking Biometrics on Android 📱👁️"

The Chameleon Android banking trojan has evolved with alarming new capabilities. It now disables fingerprint and face unlock features on devices to steal PINs. This is achieved through an innovative HTML page trick, granting it Accessibility service access and disrupting biometric operations. 🚨🔓

Earlier incarnations mimicked Australian government entities and financial institutions, using keylogging and overlay attacks. Its current distribution is through the Zombinder service, posing as Google Chrome. Zombinder effectively binds malware to legitimate apps, evading detection by Google Protect and antivirus tools.

Android 13 and 14 users face increased risk. Chameleon exploits "Restricted setting" protections by guiding users through a manual process to enable Accessibility, bypassing security measures. Once access is gained, it interrupts biometric authentication, forcing PIN or password use, which the malware captures for later malicious use.

Chameleon has also integrated task scheduling via the AlarmManager API, optimizing its attack timing based on app usage data. ThreatFabric warns of this enhanced sophistication, urging caution against unofficial APK downloads and recommending regular Play Protect scans.

Stay informed, stay secure. 🛡️

Source: BleepingComputer, by Bill Toulas.

Tags: #CyberSecurity #AndroidMalware #BiometricSecurity #BankingTrojan #ChameleonMalware #Zombinder #GoogleProtect #ThreatFabric #AccessibilityService #MalwareEvolution

🛑 H3lium@infosec.exchange/:~# (@H3liumb0y@infosec.exchange)
2023-11-07

"🔧 Innovative Malware Delivery via SecuriDropper 📲 #TechTactics"

SecuriDropper uses unique API calls to mimic legitimate app installation, ensuring the delivery of malicious payloads. It's a clever twist in the cybercrime saga!

SecuriDropper is a new Android service called "Dropper-as-a-service" (DaaS). It can bypass Google's security measures and deliver malware. Dropper malware on Android is a tool that cybercriminals use to install harmful software on compromised devices. It allows attackers to separate the development of the attack from the installation of the malware. Google introduced "Restricted Settings" in Android 13 to prevent apps from outside the official store from gaining certain permissions.
However, SecuriDropper disguises itself as harmless apps to get around this security measure. Notably, SecuriDropper uses a different Android feature to make it look like it's installing apps from the official store and asks for permissions to access external storage and install packages. ThreatFabric has observed SecuriDropper distributing banking trojans like SpyNote and ERMAC. Another similar tool, Zombinder, was also seen using a similar bypass method, although it's unclear if they are connected. Android's security is constantly evolving, and DaaS platforms have become powerful tools for cybercriminals. Google emphasizes user control over permissions and the role of Google Play Protect in keeping Android devices safe.

#AndroidMalware #CyberAttack #InfoSec

Source: The Hacker News

🛑 H3lium@infosec.exchange/:~# (@H3liumb0y@infosec.exchange)
2023-10-17

"πŸ” Dive Deep into SpyNote: The Stealthy Android Spyware πŸ“±πŸ•΅οΈβ€β™‚οΈ"

SpyNote, a notorious Android spyware, has been making waves in the cybersecurity realm. This malware, primarily spread via smishing, aims to snoop on users, capturing a plethora of personal data. Some intriguing features of SpyNote include:

🔹 Stealth Mode: Once installed, it remains hidden, making it challenging for users to detect.
🔹 Diehard Services: It employs unique services that restart themselves, ensuring the malware remains active.
🔹 Phone Call Recording: SpyNote can record incoming calls, sending the recordings to its Command & Control server.
🔹 Screenshots: Using the MediaProjection API, it captures images of the user's phone screen.
🔹 Keylogging: All keystrokes are logged, capturing sensitive data like passwords.
🔹 Challenging Uninstallation: The spyware makes its removal extremely tricky, often leaving victims with the sole option of a factory reset.

Stay vigilant and ensure your devices are protected against such threats. 🛡️🔒

Source: F-Secure Blog

Tags: #SpyNote #AndroidMalware #Spyware #CyberSecurity #MobileSecurity #InfoSec #ThreatAnalysis

Author: Amit Tambe

🛑 H3lium@infosec.exchange/:~# (@H3liumb0y@infosec.exchange)
2023-09-19

"🔥 CapraTube Alert! Transparent Tribe's Sneaky Move 📺📲"

Transparent Tribe, a suspected Pakistani actor, has unveiled CapraTube, a deceptive Android application that mimics YouTube. SentinelLabs discovered three Android application packages (APKs) linked to Transparent Tribe's CapraRAT mobile remote access trojan (RAT). These apps give the illusion of being YouTube but are far less feature-rich than the genuine Android YouTube app.

CapraRAT is a potent tool, granting attackers control over vast amounts of data on infected Android devices. This RAT has been used for surveillance against targets related to the disputed Kashmir region and human rights activists focusing on Pakistan. The group distributes these Android apps outside the Google Play Store, using self-hosted websites and social engineering to lure users into installing weaponized applications.

In 2023, the group spread CapraRAT Android apps disguised as a dating service that carried out spyware activities. One of the newly identified APKs connects to a YouTube channel owned by Piya Sharma, suggesting the actor continues to employ romance-based social engineering tactics.

Key features of CapraRAT include:

  • Recording via microphone, front & rear cameras 🎥
  • Collecting SMS, multimedia message contents, call logs 📞
  • Sending SMS messages, blocking incoming SMS 📩
  • Initiating phone calls 📲
  • Taking screen captures 🖼️
  • Overriding system settings like GPS & Network 🛰️
  • Modifying files on the phone's filesystem 📁

For those in the India and Pakistan regions linked to diplomatic, military, or activist matters, it's crucial to be cautious of this actor and threat. Always be wary of apps outside the Google Play store and evaluate the permissions they request.

Source: SentinelOne Labs

Tags: #CapraTube #TransparentTribe #CapraRAT #CyberSecurity #AndroidMalware #SentinelLabs #MobileSecurity #APT 🌐🔍📱

Author: Alex Delamotte.

Six Grandfathers Mountain (@6G)
2023-09-18

@lightweight

Why only a WinPC? (or Android.... edited text, my mistake, ☺️)

The QR code could be a or an or a ⭕

@techhelpkb
Malware called "MetaStealer" is being used by hackers to attack businesses and to steal data from Intel-based Macs, with techniques including posing as legitimate app installers.

Mastodon
mastodon.social/@techhelpkb/11

Webpage
appleinsider.com/articles/23/0

Macintosh Macs can get malware, but it seems any OS can really. So, best not to get a false sense of safety. No ricks rolled in making this QR code, 🙄
