Blackcatcard is a JOKE of a fintech.
Rejects real Saudi documents, asks for dumb “proof of address” like we live in Europe.
Racist system. Useless app. Dumb support.
We’re not your slaves—we’re GULF clients.
Gulf countries, WAKE UP. Boycott this garbage.
#Blackcatcard #GulfBoycott #FintechFraud #Exposed

🚨 A new Android malware campaign is using NFC relay attacks to clone credit cards — and it’s nearly invisible to antivirus tools.

Security researchers have discovered 'SuperCard X', a malware-as-a-service (MaaS) platform that allows cybercriminals to steal card data and make contactless payments using compromised Android devices.

Key highlights from the report:
- Distributed via social engineering scams through fake SMS or WhatsApp messages
- Victims are tricked into installing a malicious app disguised as a bank “verification” tool
- Once installed, it uses NFC to read card chip data and sends it to a second attacker device
- Attackers use a companion app to emulate the victim’s card and make payments or ATM withdrawals

🔍 What makes it dangerous:
- SuperCard X requests minimal permissions, making it hard to detect
- It uses ATR-based card emulation and mutual TLS (mTLS) for secure communication
- Malware is not flagged by any antivirus engines on VirusTotal
- Transactions are small, instant, and look legitimate to banks — making them harder to detect or reverse

🛡️ Google responded saying Play Protect is active and currently no such apps are listed on Google Play. But since these apps spread outside the store, Android users remain at risk — especially if they sideload apps or fall for impersonation scams.

This is a textbook example of how mobile payment infrastructure is being exploited — and why NFC security deserves more attention in mobile-first threat models.

At @Efani we’re committed to helping protect high-risk users from silent, evasive mobile threats just like this.

#Cybersecurity #AndroidMalware #NFC #MobileSecurity #EfaniSecure #SuperCardX #FintechFraud #MalwareAsAService