- Around 600 threat actors are using Darcula, experts warn
- They have managed to steal more than 800,000 credit card details in less than a year
- Mobile devices are the main targets for phishing today
Darcula, an infamous phishing kit offered as a service (PhaaS), has helped hundreds of its users steal almost one million credit cards in approximately half a year, cybersecurity researchers said.
Analysts from NRK, Bayerischer Rundfunk, Le Monde and Norwegian security firm Mnemonic have been digging deep into Darcula, which in just seven months between 2023 and 2024 served about 600 operators.
The attackers managed to generate 13 million clicks on malicious links sent through text messages to targets around the world, and as a result were able to steal 884,000 credit cards.
Generative AI threats
Darcula reportedly focuses on mobile platforms (Android and iOS), uses 20,000 domains and can easily spoof well-known brands.
It stands out from other similar platforms by using RCS and iMessage instead of the usual SMS, which makes its attacks more effective.
To make things worse, Darcula allows its users to automatically generate phishing kits for almost any conceivable brand and to convert credit cards into virtual cards. With the help of generative artificial intelligence (GenAI), they can also create phishing messages in almost any language and on almost any subject.
Darcula operators seem to be of Chinese origin, since most communication takes place in closed Telegram groups and in Chinese. The researchers also observed SIM farms and hardware configurations that allow operators to offer mass text messaging and credit card processing through terminals.
A September 2024 report by Zimperium security researchers argued that four out of five (82%) of all phishing sites today target mobile devices, since they are generally weaker and more often unmanaged compared to desktop computers and laptops.
Defending against phishing, however, has not changed much. It still revolves around common sense, being skeptical of all incoming messages, especially those with a sense of urgency or unexpected attachments.
Clicking links in emails and SMS messages, particularly those hidden behind a placeholder or a URL shortener, is also risky.
Via BleepingComputer