A new phishing-as-a-service platform known as “Darcula” has been identified as the most pervasive worldwide package scam operation to date. This Chinese-language platform has created 19,000 phishing domains and has targeted over 100 countries, offering cybercriminals access to branded phishing campaigns for a monthly subscription fee of around $250. Researchers at Internet infrastructure security vendor Netcraft have highlighted the technical sophistication of Darcula, utilizing tools typically employed by application developers such as JavaScript, React, Docker, and Harbor.
Unlike previous attacks, Darcula primarily targets consumers rather than businesses. The platform offers numerous phishing templates that imitate worldwide brands, including various postal services like Kuwait Post, Saudi Post, and Singapore Post. Darcula uses iMessage and RCS to bypass SMS firewalls and send scam messages, luring individuals to fake websites where they are tricked into disclosing personal information or payment card details.
Since the beginning of 2024, an average of 120 new domains hosting Darcula phishing pages are detected daily by Netcraft. Robert Duncan, vice president of product strategy at Netcraft, described Darcula as the most extensive package scam operation his company has encountered, surpassing other geographically targeted attacks.
To counter these phishing attempts, individuals are advised to avoid clicking on links in suspicious messages and instead go directly to the official website of the entity in question. Enterprises are urged to utilize commercial security platforms to block access to known phishing sites. With Darcula’s ability to continuously update its phishing websites to add new features and anti-detection functionality, it is crucial for both individuals and organizations to remain vigilant against these evolving threats.
