- Around 600 threat actors are using Darcula, experts warn
- They have managed to steal more than 800,000 credit card details in less than a year
- Mobile devices are prime targets for phishing nowadays
Darcula, an infamous Phishing-as-a-Service (PhaaS) kit, has helped hundreds of its users steal almost a million credit cards in roughly half a year’s time, cybersecurity researchers have said.
Analysts from NRK, Bayerischer Rundfunk, Le Monde, and Norwegian security firm Mnemonic have been drilling deep into Darcula, which in just seven months between 2023 and 2024 served some 600 operators.
The hackers were able to generate 13 million clicks on malicious links sent via text messages to targets worldwide – and as a result, were able to steal 884,000 credit cards.
Generative AI threats
Apparently, Darcula is focused on mobile platforms – Android and iOS, and uses 20,000 domains and can easily spoof well-known brands.
It stands out from other similar platforms by using RCS and iMessage instead of the usual SMS, making its attacks more effective.
To make matters worse, Darcula allows its users to auto-generate phishing kits for almost any conceivable brand, convert credit cards to virtual cards, and with the help of Generative Artificial Intelligence (GenAI), they can create phishing messages in almost any language and on almost any topic.
Darcula’s operators seem to be Chinese in origin, since most communication is done in closed Telegram groups and in Chinese language. The researchers also observed SIM farms and hardware setups which allow the operators to offer mass text messages and credit card processing through terminals.
A September 2024 report from security researchers Zimperium argued four in five (82%) of all phishing sites today target mobile devices, since they are generally weaker and more often unmanaged compared to desktop and laptop computers.
Defending against phishing, however, hasn’t changed much. It still revolves around common sense, being skeptical of all incoming messages, especially those with a sense of urgency, or unexpected attachments.
Clicking on links in emails and SMS messages, particularly those hidden behind a placeholder or a URL shortener, is also risky.
Via BleepingComputer
Leave a comment