Beware: a single tap of a credit card or bank card to your Android phone can drain your account.
It’s a little more complicated than that, but if you’ve downloaded an app that has the SuperCard X malware, you could lose a lot of money.
Here’s how the scam works:
- Criminals use a fake text or WhatsApp message, pretending to be from a bank, warning you of a suspicious transaction. As mentioned in my post about scam texts, be cautious of any texts or WhatsApp messages from unknown senders.
- You are urged to call a phone number, connecting you to a scammer who poses as a bank representative.
- The scammer convinces you to download a malicious app (often disguised as a security or verification tool), which secretly installs the SuperCard X malware.
- The scammer instructs you to tap your credit or bank card on the phone to verify it. The malware intercepts and steals the card data via NFC (Near Field Communication is the technical capability that allows Google Pay to work at a store’s credit card terminal).
- The stolen card details are relayed to a second device controlled by the criminal, allowing them to make unauthorized contactless payments or ATM withdrawals.
Please be careful when installing any application on your phone. In the future I’ll write an article on Android virus scanning apps that help to detect malware like SuperCard X.