New Darcula Phishing Service Targets iPhone Users Via iMessage
Phishing attacks are on the rise. Anyone who uses email, text messaging, and other ways of communication is a potential victim these days. Recently a new phishing-as-a-service (PhaaS) named ‘Darcula’ surfaced online. As per the latest reports, the service uses 20,000 domains to spoof brands and steal credentials from users in more than 100 countries. It has been used against different services and organizations offering fraudsters over 200 templates to select from. From postal, financial, government, and taxation departments, to telcos, airlines, and utilities, this service affected several departments.
How Darcula Phishing Service Attacks?
There is one specialty about this phishing service. It approaches the targets using the Rich Communication Services (RCS) protocol for Google Messages and iMessage instead of SMS. Reports claim that Darcula was first documented last summer by security researcher Oshri Kalfon. However, the platform has become more popular in the cybercrime space since then. It has been used in several high-profile cases. Many posts on Reddit’s /r/phishing highlighted:
The Darcula is quite different from traditional phishing methods. It uses modern technologies like JavaScript, React, Docker, and Harbor, allowing continuous updates and new feature additions without consumers needing to reinstall the phishing kits. In addition, the phishing kit offers 200 phishing templates that mimic brands and organizations in more than 100 countries. The landing pages are of high quality. Moreover, they use the accurate local language, logos, and content making them quite difficult to distinguish.
The fraudsters pick a brand to imitate and run a setup script. After that, they install the corresponding phishing site and its management dashboard directly into a Docker environment. The system employs the open-source container registry Harbor to host the Docker image. On the contrary, the phishing sites are developed using React. The service typically uses “.top” and “.com” top-level domains to host purpose-registered domains for phishing attacks. Approximately, one-third of these attacks are backed by Cloudflare.
Netcraft mapped 20,000 Darcula domains across 11,000 IP addresses, with 120 new domains being added regularly. The benefit of Darcula is that recipients are more likely to perceive the communication as legitimate, trusting the additional safeguards that aren’t available in SMS. As RCS and iMessage support end-to-end encryption, it is very difficult to intercept and thwart phishing messages based on their content.
PTA Taxes Portal
Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal
Explore NowFollow us on Google News!