![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
_Brian_Jackson_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
_Steven_Jones_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
 Stolen 884,000 Credit Card Details on 13 Million Clicks from Users Worldwide.webp?#)
![Look at this Chrome Dino figure and its adorable tiny boombox [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/05/chrome-dino-youtube-boombox-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Seeds visionOS 2.5 RC to Developers [Download]](https://www.iclarified.com/images/news/97240/97240/97240-640.jpg)
![Apple Seeds tvOS 18.5 RC to Developers [Download]](https://www.iclarified.com/images/news/97243/97243/97243-640.jpg)
![Apple Releases macOS Sequoia 15.5 RC to Developers [Download]](https://www.iclarified.com/images/news/97245/97245/97245-640.jpg)
This dastardly phishing attack has stolen nearly a million credit cards - here's how to stay safe
Darcula has only been around for a couple of years but has quickly became a major PhaaS threat.
- Around 600 threat actors are using Darcula, experts warn
- They have managed to steal more than 800,000 credit card details in less than a year
- Mobile devices are prime targets for phishing nowadays
Darcula, an infamous Phishing-as-a-Service (PhaaS) kit, has helped hundreds of its users steal almost a million credit cards in roughly half a year’s time, cybersecurity researchers have said.
Analysts from NRK, Bayerischer Rundfunk, Le Monde, and Norwegian security firm Mnemonic have been drilling deep into Darcula, which in just seven months between 2023 and 2024 served some 600 operators.
The hackers were able to generate 13 million clicks on malicious links sent via text messages to targets worldwide - and as a result, were able to steal 884,000 credit cards.
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
Preferred partner (What does this mean?)View Deal
Generative AI threats
Apparently, Darcula is focused on mobile platforms - Android and iOS, and uses 20,000 domains and can easily spoof well-known brands.
It stands out from other similar platforms by using RCS and iMessage instead of the usual SMS, making its attacks more effective.
To make matters worse, Darcula allows its users to auto-generate phishing kits for almost any conceivable brand, convert credit cards to virtual cards, and with the help of Generative Artificial Intelligence (GenAI), they can create phishing messages in almost any language and on almost any topic.
Darcula’s operators seem to be Chinese in origin, since most communication is done in closed Telegram groups and in Chinese language. The researchers also observed SIM farms and hardware setups which allow the operators to offer mass text messages and credit card processing through terminals.
A September 2024 report from security researchers Zimperium argued four in five (82%) of all phishing sites today target mobile devices, since they are generally weaker and more often unmanaged compared to desktop and laptop computers.
Defending against phishing, however, hasn't changed much. It still revolves around common sense, being skeptical of all incoming messages, especially those with a sense of urgency, or unexpected attachments.
Clicking on links in emails and SMS messages, particularly those hidden behind a placeholder or a URL shortener, is also risky.
Via BleepingComputer
You might also like
- Businesses are being hit with more mobile phishing than ever before
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
