A potent new phishing-as-a-service (PhaaS) platform called “Darcula” poses a significant threat to iPhone users. This sophisticated service has already been used in attacks, utilizing iMessage to deliver convincing phishing links designed to steal user credentials.
What is Darcula?
Darcula stands out with its extensive capabilities and ease of use. It boasts these features:
- Massive Scale: Darcula uses over 20,000 domains for spoofing legitimate brands and organizations.
- Global Reach: Victims in over 100 countries have been targeted.
- Sophisticated Templates: Over 200 highly credible phishing templates mimic postal services, financial institutions, government agencies, and more.
- Evasive Tactics: Darcula bypasses traditional SMS filtering by using iMessage and RCS (on Android) for phishing message delivery.
Darcula was first documented last summer by security researcher Oshri Kalfon but Netcraft analysts report that the platform has been becoming more popular in the cybercrime space, and was recently used in several high-profile cases.
Unlike traditional phishing methods, Darcula employs modern technologies like JavaScript, React, Docker, and Harbor, enabling continuous updates and new feature additions without clients needing to reinstall the phishing kits.
