New Darcula Phishing Service Targets iPhone Users Via iMessage

Phishing attacks are on the rise. Anyone who uses email, text messaging, or other means of communication is a potential victim these days. Recently, a new phishing-as-a-service (PhaaS) platform named ‘Darcula’ surfaced online. According to the latest reports, the service uses 20,000 domains to spoof brands and steal credentials from users in more than 100 countries. It has been used against a range of services and organizations, offering fraudsters over 200 templates to choose from. Its targets range from postal, financial, government, and taxation departments to telcos, airlines, and utilities.

How Does the Darcula Phishing Service Attack?

What sets this phishing service apart is that it approaches targets using the Rich Communication Services (RCS) protocol for Google Messages and iMessage instead of SMS. Reports claim that Darcula was first documented last summer by security researcher Oshri Kalfon. The platform has become more popular in the cybercrime space since then and has been used in several high-profile cases. Many posts on Reddit’s /r/phishing highlighted:

“The Darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating the United States Postal Service (USPS)”

Darcula is quite different from traditional phishing kits. It uses modern technologies like JavaScript, React, Docker, and Harbor, allowing continuous updates and new feature additions without the service's customers needing to reinstall the phishing kits. In addition, the phishing kit offers 200 phishing templates that mimic brands and organizations in more than 100 countries. The landing pages are of high quality and use the correct local language, logos, and content, making them quite difficult to distinguish from the real sites.

The fraudsters pick a brand to imitate and run a setup script, which installs the corresponding phishing site and its management dashboard directly into a Docker environment. The system employs the open-source container registry Harbor to host the Docker image, while the phishing sites themselves are developed using React. The service typically uses “.top” and “.com” top-level domains to host purpose-registered domains for phishing attacks. Approximately one-third of these attacks are backed by Cloudflare.

Netcraft mapped 20,000 Darcula domains across 11,000 IP addresses, with 120 new domains being added regularly. The benefit for Darcula of using RCS and iMessage is that recipients are more likely to perceive the communication as legitimate, trusting the additional safeguards that aren’t available in SMS. Because RCS and iMessage support end-to-end encryption, it is very difficult to intercept and thwart phishing messages based on their content.
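Since message content cannot be inspected in transit, checks tend to run on links in messages that recipients report. The following is an added example, not code from the article or from Netcraft, that triages such links against the ".top"/".com" pattern described above; the `OFFICIAL` allowlist (with `usps.com`), the function names, and the sample message with its domains are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of official domains per brand. USPS is the only
# brand the article names; extend this for the brands you care about.
OFFICIAL = {"usps": {"usps.com"}}
# TLDs the article says are typically used for purpose-registered domains.
WATCHED_TLDS = {"top", "com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable(host):
    """Last two labels of the host. Adequate for .top/.com; a real
    deployment should use the Public Suffix List (e.g. for .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(message):
    """Return (url, verdict, reason) for every link in a reported message."""
    findings = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;)!?")          # drop sentence punctuation
        parts = urlsplit(url)
        # .hostname ignores any "user@" prefix, so "usps.com@x.com" -> "x.com"
        domain = registrable(parts.hostname or "")
        netloc = parts.netloc.lower()
        verdict, reason = "unknown", "no monitored brand in URL authority"
        for brand, official in OFFICIAL.items():
            if brand not in netloc:
                continue
            if domain in official:
                verdict, reason = "ok", f"official {brand} domain"
            else:
                tld = domain.rsplit(".", 1)[-1]
                note = " on watched TLD" if tld in WATCHED_TLDS else ""
                verdict = "suspicious"
                reason = f"'{brand}' used by non-official domain {domain}{note}"
            break
        findings.append((url, verdict, reason))
    return findings


# Constructed sample message; the domains are made up for illustration.
SAMPLE = (
    "USPS: your parcel is on hold. Confirm at "
    "https://usps.com-redelivery-example.top/track then see "
    "https://www.usps.com/manage or https://usps.com@parcel-example.com/a."
)

if __name__ == "__main__":
    for url, verdict, reason in triage(SAMPLE):
        print(f"{verdict:10} {url}  ({reason})")
```

The brand-in-hostname and brand-in-userinfo cases both resolve to a non-official registrable domain, which is what the verdict keys on rather than on the message text.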


Laiba Mohsin
