This dastardly phishing attack has stolen nearly a million credit cards - here's how to stay safe

BY Magicpotter 6. May 2025 0 comments

This dastardly phishing attack has stolen nearly a million credit cards – here’s how to stay safe

Around 600 threat actors are using Darcula, experts warn
They have managed to steal more than 800,000 credit card details in less than a year
Mobile devices are prime targets for phishing nowadays

Darcula, an infamous Phishing-as-a-Service (PhaaS) kit, has helped hundreds of its users steal almost a million credit cards in roughly half a year’s time, cybersecurity researchers have said.

Analysts from NRK, Bayerischer Rundfunk, Le Monde, and Norwegian security firm Mnemonic have been drilling deep into Darcula, which in just seven months between 2023 and 2024 served some 600 operators.

The hackers were able to generate 13 million clicks on malicious links sent via text messages to targets worldwide – and as a result, were able to steal 884,000 credit cards.

Generative AI threats

Apparently, Darcula is focused on mobile platforms – Android and iOS, and uses 20,000 domains and can easily spoof well-known brands.

It stands out from other similar platforms by using RCS and iMessage instead of the usual SMS, making its attacks more effective.

To make matters worse, Darcula allows its users to auto-generate phishing kits for almost any conceivable brand, convert credit cards to virtual cards, and with the help of Generative Artificial Intelligence (GenAI), they can create phishing messages in almost any language and on almost any topic.

Darcula’s operators seem to be Chinese in origin, since most communication is done in closed Telegram groups and in Chinese language. The researchers also observed SIM farms and hardware setups which allow the operators to offer mass text messages and credit card processing through terminals.

A September 2024 report from security researchers Zimperium argued four in five (82%) of all phishing sites today target mobile devices, since they are generally weaker and more often unmanaged compared to desktop and laptop computers.

Defending against phishing, however, hasn’t changed much. It still revolves around common sense, being skeptical of all incoming messages, especially those with a sense of urgency, or unexpected attachments.

Clicking on links in emails and SMS messages, particularly those hidden behind a placeholder or a URL shortener, is also risky.

Via BleepingComputer

This dastardly phishing attack has stolen nearly a million credit cards – here’s how to stay safe

Microsoft’s Xbox PC launcher gets going with Steam, Epic, and other games showing up

Senate Parliamentarian raised concerns that the tax bill’s ban on states from enforcing AI regulations may violate Senate rules, advising a rewrite (Bloomberg)

Internet and TV Bundle Prices Are Up This Year: Here’s How to Cut Back

Apple CarPlay Ultra stalls as these 5 car giants have reportedly decided to U-turn

This Sony Portable Speaker Is Practically Free at 56% Off for Early Prime Day, Stock Is Running Out

Leave a Comment Cancel reply

Your outdated tech might be a ‘goldmine’

Microsoft to Retire the Blue Screen of Death (Again) for a Black Void

Buying Your First Domain? These Are the Best Registrars

Useful links

Latest Product

Trending

Latest News

Menu