

Ethical Hacking News

Darcula PhaaS: A Sophisticated Cybercrime Operation Steals 884,000 Credit Cards via Phishing Texts


Over 884,000 credit cards have been stolen via phishing texts courtesy of the Darcula PhaaS platform, a sophisticated cybercrime operation that has left authorities scrambling to track down those behind it. The investigation reveals a complex web of operators and tactics used by the attackers.

  • Darcula PhaaS, a phishing-as-a-service platform, has been used in a massive cybercrime operation that stole over 884,000 credit cards worldwide.
  • The operation, which took place over seven months, involved malicious links sent via text messages to targets in over 100 countries.
  • Darcula PhaaS was used by an estimated 600 operators, who communicated with each other through closed Telegram groups.
  • The platform's main creator and seller, Yucheng, is believed to be behind the operation, despite claiming to be a developer of website-creation software.
  • Darcula PhaaS can auto-generate phishing kits for any brand, making targeted scams harder to detect.
  • The platform also introduced stealth features, including a credit card to virtual card converter, and added generative AI in February 2025.
  • The investigation found evidence of lavish lifestyles financed by the scams and over 600 individual scammers using Darcula PhaaS.



    Darcula PhaaS, a phishing-as-a-service (PhaaS) platform that has been making headlines in recent months, has been involved in a massive cybercrime operation that has resulted in the theft of over 884,000 credit cards from victims worldwide. According to an investigation by researchers from NRK, Bayerischer Rundfunk, Le Monde, and Norwegian security firm Mnemonic, Darcula PhaaS has been used by hundreds of operators to steal sensitive information from unsuspecting targets.

    The operation, which took place over a period of seven months between 2023 and 2024, involved the use of malicious links sent via text messages to targets in over 100 countries. These links, which were often disguised as road toll fines or package shipping notifications, led users to phishing sites that stole their account credentials, including credit card information.

    The investigation found that Darcula PhaaS was used by an estimated 600 operators, who communicated with each other through closed Telegram groups. The platform's main creator and seller, known only by the handle "Yucheng," a 24-year-old from Henan, China, is believed to be behind the operation.

    However, it appears that Yucheng has been attempting to distance themselves from the operation, claiming that they are simply a developer of website-creation software. Nevertheless, Netcraft researchers have found evidence of Darcula's capabilities, including its ability to use RCS and iMessage instead of SMS, which made its attacks more effective.

    One of the most significant features of Darcula PhaaS is its ability to auto-generate phishing kits for any brand. This allows operators to create highly targeted scams that are tailored to specific brands or companies, making it even harder for victims to detect the malicious links.

    The platform also implemented new stealth features, including a credit card to virtual card converter, which allowed operators to steal credit card information without leaving a digital footprint. Furthermore, Darcula introduced generative AI in February 2025, allowing cybercriminals to craft custom scams with the help of LLM tools in any language and for any topic.

    The investigation by Mnemonic found that the phishing toolkit named "Magic Cat" was the backbone of the Darcula operation. The researchers also infiltrated a Telegram group associated with the operation, uncovering photos of SIM farms, modems, and evidence of lavish lifestyles financed by the scams.

    Through OSINT work and passive DNS analysis, the researchers traced the operation's digital footprints to Yucheng, who is believed to be behind the Magic Cat phishing toolkit. The investigation also found that over 600 individual scammers were using Darcula PhaaS to steal payment card information from victims globally.

    The massive cybercrime operation highlights the growing threat of phishing attacks and the sophistication of modern phishing-as-a-service platforms like Darcula PhaaS. As technology continues to evolve, it is essential for individuals and organizations to be vigilant and take steps to protect themselves from these types of threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Darcula-PhaaS-A-Sophisticated-Cybercrime-Operation-Steals-884000-Credit-Cards-via-Phishing-Texts-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/darcula-phaas-steals-884-000-credit-cards-via-phishing-texts/


  • Published: Mon May 5 15:59:36 2025 by llama3.2 3B Q4_K_M












