Darcula

Last updated

Darcula is a "phishing as a service" (PhaaS) Chinese-language platform which has been used in phishing attacks against organizations (government, airlines) and services (postal, financial) in over 100 countries. [1] [2] Darcula offers to cybercriminals more than 20,000 counterfeit domains (to spoof brands) and over 200 templates. [1] [2] Darcula uses iMessage and RCS (Rich Communication Services) to steal credentials from Android and iPhone users. [3]

In May 2025, the Norwegian Broadcasting Corporation (NRK) in collaboration with BR, Le Monde, and the Norwegian cybersecurity company mnemonic reported on Darcula. [4] [5] [6] [7] They reported that the group was able to steal a total of 884,000 credit cards from victims during a period of seven months between 2023 and 2024. They also claim that the software used by the group, Magic Cat, was developed by Yucheng C., a 24-year old man from Henan, China. [8]

References

  1. 1 2 "Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection". The Hacker News.
  2. 1 2 "New Darcula phishing service targets iPhone users via iMessage". BleepingComputer.
  3. "'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide". www.darkreading.com.
  4. "Inside the Scam Network". nrk.no.
  5. "The Chinese Scammers Behind the Fake DHL Messages". br.de.
  6.  Votre colis n'a pas pu être livré » : enquête sur les arnaques à la carte bancaire par SMS". lemonde.fr.
  7. "Exposing Darcula: a rare look behind the scenes of a global Phishing-as-a-Service operation". mnemonic.io.
  8. "The Hunt for Darcula". nrk.no.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.