Massive fraud attacks are happening all over the world – they use a special platform for this

by times news cr

2024-04-06 19:35:52

Darcula impersonates a wide range of services and organizations, from postal, financial, government and tax departments to telecommunications, airlines and utility companies. Scammers are offered more than 200 templates to choose from, Bleeping Computer writes.

The service is distinguished by the fact that scammers reach users through advanced messaging services, Google Messages (over the Rich Communication Services (RCS) protocol) and iMessage, instead of regular SMS messages.

Darcula phishing service

Darcula, a phishing service, was first spotted by security researcher Oshri Kalfon last summer, but Netcraft analysts report that the platform is becoming increasingly popular in the cybercrime space – and has recently been implicated in several high-profile cases.

Unlike traditional phishing kits, Darcula is built with modern technologies such as JavaScript, React, Docker, and Harbor, so it can be continuously updated and given new features without customers needing to reinstall the phishing software.

The phishing kit offers 200 templates impersonating brands and organizations in over a hundred countries. The fake pages are of high quality and use the appropriate local language, logos and content.

Researchers say the Darcula service typically uses domains registered specifically for phishing attacks under the .top and .com TLDs, and about a third of them are even hosted by Cloudflare.

Netcraft has identified 20,000 Darcula domains associated with 11,000 IP addresses – and 120 new domains are added daily.

Sky SMS

Darcula abandons traditional SMS-based tactics and instead sends its messages over RCS (Android) and iMessage (iOS). The advantage of this for fraudsters is that recipients are more likely to perceive the message as genuine and legitimate, trusting the additional protections that are not available in SMS messages.

Also, since RCS and iMessage support full end-to-end encryption, it is impossible to intercept and block phishing messages based on their content.

Netcraft comments that recent worldwide efforts to curb SMS-based cybercrime by blocking suspicious messages are likely to push such phishing platforms towards alternative protocols such as RCS and iMessage.

However, these protocols have their own limitations that cybercriminals have to overcome.

For example, Apple prohibits sending mass messages, and Google recently introduced a restriction that prevents “hacked” (rooted) Android devices from sending or receiving RCS messages.

Cybercriminals try to get around these restrictions by creating multiple Apple IDs and using device farms, sending a small number of messages from each device.

A more complicated hurdle is iMessage’s security feature, which only allows recipients to click on a URL link if they reply to the message.

To bypass this measure, the phishing message instructs the recipient to reply “Y” or “1” and then open the message again to use the link. This extra step can reduce the effectiveness of a phishing attack.

Users should be suspicious of any messages they receive that encourage them to click on URL links – especially if the sender is unknown. Regardless of the platform or app, fraudsters will continue to experiment with new delivery methods.

Netcraft researchers also recommend paying attention to inaccurate grammar, spelling mistakes, overly attractive offers or calls to action, Bleeping Computer writes.
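The reply-to-unlock instruction described above is a distinctive signal that can be checked in messages users report or forward for review, since end-to-end encryption rules out filtering in transit. The following Python heuristic is an added example, not code from Netcraft or Bleeping Computer; the weights, the threshold, the function names and the sample messages are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Only http(s) URLs are matched; scheme-less links are out of scope for this sketch.
URL_RE = re.compile(r"https?://[^\s<>\"'\[\]]+", re.I)
# "reply Y", "answer 1", "respond with 'Y'" (but not "reply yesterday" or "reply 10").
REPLY_RE = re.compile(
    r"\b(?:reply|respond|answer)(?:\s+with)?\s+[\"'“”]?(?:y|1)[\"'“”]?(?![a-z0-9])", re.I)
# "reopen", "open the message again", "open it again".
REOPEN_RE = re.compile(r"\b(?:re-?open|open\s+(?:it|(?:the|this)\s+\w+)\s+again)\b", re.I)

FLAG_AT = 4  # assumed threshold: a link plus the reply-to-unlock lure is enough

def score_message(text, sender_known=False):
    """Return (score, reasons) for one reported message body."""
    urls = URL_RE.findall(text)
    if not urls:
        return 0, []  # no link, so there is nothing for the reply trick to unlock
    hits = [(1, "contains a URL")]
    if REPLY_RE.search(text):
        hits.append((3, "asks for a Y/1 reply before the link can be used"))
    if REOPEN_RE.search(text):
        hits.append((2, "asks to open the message again"))
    hosts = [(urlsplit(u).hostname or "").rstrip(".") for u in urls]
    if any(h.endswith(".top") for h in hosts):
        # The article names .top and .com; .com is too common to carry weight.
        hits.append((1, "link uses the .top TLD"))
    if not sender_known:
        hits.append((1, "sender is not a known contact"))
    return sum(w for w, _ in hits), [r for _, r in hits]

def is_suspicious(text, sender_known=False):
    """True when the combined signals reach the assumed threshold."""
    return score_message(text, sender_known)[0] >= FLAG_AT

# Constructed sample messages (not real Darcula lures or indicators).
SAMPLES = [
    ("Your parcel is on hold. Please reply Y, then open the message again "
     "to use the link: https://parcel-redelivery.example.top/u", False),
    ("Hi, it's Anna. Reply 1 if you're coming tonight?", False),
    ("Your invoice is ready: https://billing.example.com/inv/42", True),
]

if __name__ == "__main__":
    for body, known in SAMPLES:
        score, reasons = score_message(body, known)
        print(score, is_suspicious(body, known), reasons)
```

A message is flagged only when a link is present together with the reply or reopen instruction, so an ordinary "reply 1" from a friend or a plain link from a known contact stays below the threshold.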
