Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains
‘darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns. Rather than the more typical PHP, the platform uses many of the same tools employed by high-tech startups, including JavaScript, React, Docker, and Harbor.
Using iMessage and RCS rather than SMS to send text messages has the side effect of bypassing SMS firewalls, which is being used to great effect to target USPS along with postal services and other established organizations in 100+ countries.
Phishing attacks conducted using text messages, known as ‘smishing’ attacks, are nothing new. Nor are campaigns featuring ‘missed package’ messages sent via SMS. These attacks trick users into entering credentials and other sensitive information in the belief they are interacting with legitimate postal organizations.
The darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating United States Postal Service (USPS) highlighted in numerous posts on Reddit’s /r/phishing.
Those operating sites using darcula frequently distribute their URLs via RCS and iMessage. These messages are free to send, leverage consumer trust (many iPhone users will be used to blue messages only from known contacts), and evade some filters put in place by network operators, which often prevent scam SMS messages from being delivered to potential victims.
This blog post examines in detail how darcula works, how its campaigns differ from conventional smishing, and why these campaigns offer a uniquely effective approach to extracting critical data from victims.
What is darcula? Cybercrime-as-a-Service is a serious business
darc
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: