Netcraft Discovers New Chinese-Language PhaaS Text Message Phishing Attack Platform
Netcraft has revealed that it has discovered darcula, a sophisticated new Chinese-language Phishing-as-a-Service (PhaaS) platform used on over 19,000 phishing domains, which offers easy deployment of phishing sites with hundreds of templates targeting worldwide brands.
Unlike typical phishing kits, darcula can update in place to add new features and anti-detection measures. Netcraft observed a recent update that changed the kit to serve malicious content from a specific path rather than the front page, to disguise the attack location.
Netcraft detected darcula infrastructure domains across 11,000 IP addresses based in 100+ countries, and since the start of 2024, an average of 120 new domains have hosted phishing pages each day. Like other PhaaS threat actors, this group also offers a paid monthly subscription to other criminals.
The new report covers what Netcraft researchers have observed: darcula phishing attacks targeting DHL, Evri, USPS, and Bulgarian, Australia, and Singapore Posts; anti-monitoring that redirects site crawlers to a cat breed; the use of Rich Communication Services (RCS) and iMessage on Apple and Android devices; and package scams.
The darcula platform targets industries that rely heavily on consumer trust, including postal services, public and private utilities, financial institutions, government bodies (tax departments), airlines, and telecommunication organizations, underscoring the potential impact of the PhaaS threat actors' attacks.
Netcraft examines in detail how darcula works, how its campaigns differ from conventional smishing, and why these campaigns offer a uniquely practical approach to extracting critical data from victims, including the use of RCS and iMessage for phishing lures.
You can read the report here.
This entry was posted on March 27, 2024 at 8:35 am and is filed under Commentary with tags Netcraft.