Phishing-as-a-service has reached new heights with the emergence of the “Darcula” operation, described as the most pervasive worldwide package scam to date. This sophisticated Chinese-language platform has generated 19,000 phishing domains targeting over 100 countries, offering cybercriminals access to branded phishing campaigns for a monthly subscription fee of approximately $250.
Darcula’s technical sophistication sets it apart: it is built with tools commonly used by application developers, such as JavaScript, React, Docker, and Harbor. Unlike traditional phishing methods, Darcula sends its text messages over iMessage and RCS, bypassing SMS firewalls and increasing its efficacy.
The platform provides a wide array of phishing templates targeting global brands, including postal services and telecom providers in countries like Kuwait, the UAE, Jordan, Saudi Arabia, Australia, Singapore, South Africa, Nigeria, and Morocco. These scams primarily target consumers, often using package delivery as a lure.
Israeli security researcher Oshri Kalfon uncovered Darcula’s operations after receiving a scam message in Hebrew. Investigation revealed that the platform boasts around 200 phishing templates and utilizes purpose-built domains, rather than hacked legitimate ones.
Since the beginning of 2024, Netcraft has detected an average of 120 new Darcula phishing domains daily. The platform’s agility and constant updates pose challenges for traditional defense mechanisms.
While Darcula is aimed primarily at Chinese-speaking cybercriminals as its customers, its impact extends globally, underscoring the importance of robust cybersecurity measures to combat evolving threats.