Meet the Phishing service platform named Darcula

    Cybersecurity analysts at Netcraft, an internet service company based in London, have recently uncovered a sophisticated phishing platform dubbed ‘Darcula.’ This platform, known as a phishing-as-a-service (PhaaS) operation, provides users with template-based guidance for setting up phishing websites.

    What sets Darcula apart is its continual evolution with innovative updates, including new anti-detection measures and features designed to obscure the attack’s origin. These features incorporate technologies such as JavaScript, React Docker, and Harbor, facilitating the seamless reinstallation of phishing kits. Currently, Darcula boasts over 20,000 domains and operates across 11,000 IP addresses spanning more than 100 countries.

    According to Netcraft, cybercriminals leveraging Darcula have successfully targeted organizations like DHL, Evri, and USPS. Their interests extend to government agencies, postal services, financial institutions, telecommunications companies, and manufacturing sectors.

    It’s important to note that despite its name, ‘Darcula’ bears no connection to the classic novel “Dracula” published in 1887. The naming might evoke suspense and horror, but the association ends there.

    Security researcher Oshri Kalfon revealed last summer that Darcula employs the Rich Communication Services (RCS) protocol, familiar to users of Apple’s iMessage and Google’s Messages, as a means of reaching targets. This protocol offers an alternative to traditional SMS messaging.

    Given the rise of phishing attempts through messaging platforms, users should exercise caution when encountering embedded URLs in incoming messages. Clicking on these links could lead to fraudulent websites. Look out for grammar and spelling errors, as well as offers that seem too good to be true, to avoid falling victim to phishing scams.

    Ad
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display