Russia Faces a New Breed of NFC Hack — and It’s Hiding in Plain Sight

A new wave of mobile malware is targeting Russian users — and it’s wearing a familiar disguise.

Security firm F6 has flagged SuperCard, a malicious app designed to steal funds directly from bank accounts by hijacking NFC payment data. The tool, a modified version of the infamous NFCGate exploit, has already been used worldwide. Now, it’s been spotted in action on Russian soil.

Here’s how it works: the app mimics legitimate services — government portals, banking apps, even courier tools. Once installed, it listens in on contactless payments, intercepts card data, and quietly hands it over to attackers. Victims rarely know what hit them until their balances drop.

The cybercriminals aren’t stopping there. SuperCard is now distributed via Telegram channels — including some run in Chinese — under a subscription model. Subscribers get not only access to the malware, but also customer support, updates, and how-to manuals. It’s scamware-as-a-service, and it’s disturbingly polished.

F6 warns that users should be especially wary of sideloading apps and installing anything from unofficial sources. The golden rule: if it looks helpful, double-check. “Even a simple image file can carry a payload,” cybersecurity experts caution. “Don’t trust a file just because it came from someone you know.”

As Russia pushes deeper into digital infrastructure, it’s also becoming a richer target. And SuperCard is a sobering reminder: in an age where malware can masquerade as public service, every download is a potential risk.