More than 600 scam operators leveraging the Darcula phishing-as-a-service kit were reported by Norwegian state-run broadcasting firm NRK, Bayerischer Rundfunk, and Le Monde to have been able to exfiltrate 884,000 credit cards from malicious text messages with links that have been clicked over 13 million times within a span of seven months from 2023 to 2024, according to BleepingComputer.
Operators, which were in separate Telegram groups, spoke mostly Chinese and managed SIM farms to perform the massive text message fraud, with significant Dracula volumes observed from Thai user x66/Kris, reported the NRK. Such a report was a follow-up to Norwegian security firm Mnemonic's initial investigation that revealed Darcula's use of the Magic Cat phishing toolkit, which NRK later alleged to have been developed by a former employee of a Chinese firm that claimed to only peddle software that aided in the creation of websites. Despite admitting the use of Magic Cat for fraud and pledging its shutdown, the Chinese firm has only released an updated version.
Operators, which were in separate Telegram groups, spoke mostly Chinese and managed SIM farms to perform the massive text message fraud, with significant Dracula volumes observed from Thai user x66/Kris, reported the NRK. Such a report was a follow-up to Norwegian security firm Mnemonic's initial investigation that revealed Darcula's use of the Magic Cat phishing toolkit, which NRK later alleged to have been developed by a former employee of a Chinese firm that claimed to only peddle software that aided in the creation of websites. Despite admitting the use of Magic Cat for fraud and pledging its shutdown, the Chinese firm has only released an updated version.
