After the shutdown of the Darcula phishing platform and the Magic Cat software used by scammers, the Magic Mouse solution has gained popularity among criminals. According to experts at Mnemonic, Magic Mouse is already helping steal the data of at least 650,000 bank cards per month.
In the spring of this year we covered Darcula’s operations and the investigation conducted by experts from Mnemonic. This PhaaS platform (phishing-as-a-service) targeted Android and iPhone users in more than 100 countries worldwide. The criminal service used 20,000 domains impersonating well-known brands to steal credentials.
According to analysts, the Darcula operators were responsible for the theft of 884,000 bank cards, and victims around the world clicked malicious links received via text messages 13 million times.
Soon after the publication of this report on the platform’s activity and the exposure of its creator’s identity (a certain Yuchen S., a 24-year-old resident of China’s Henan province), Darcula’s activity ceased completely. However, as reported by Mnemonic researchers at DEF CON, another similar phishing service is now gaining popularity among cybercriminals.
Experts remind that the Magic Cat software played a key role in Darcula’s operations. The aforementioned Yucheng S. developed Magic Cat for hundreds of his clients, who used this software to launch their own fraudulent SMS campaigns around the world.
Now a similar platform has replaced Magic Cat — Magic Mouse, whose popularity surged after Darcula’s shutdown.
Experts believe that Magic Mouse is a new operation run by a different group of developers. In other words, it is not related to Darcula. However, the current success of Magic Mouse is largely due to the fact that the new operators have appropriated the phishing kits that made its predecessor’s software so popular.
These kits contain hundreds of phishing site templates that Magic Cat used to mimic the legitimate web pages of major technology giants, popular consumer services, and delivery companies. All of these sites were created to fraudulently force victims to provide their bank card details.
Although Magic Mouse is already highly popular, and in the future the threat may become even more dangerous than Magic Cat, bringing its operators millions of dollars in profit (in the form of funds stolen from victims), researchers note that law enforcement “don’t see” beyond a few isolated reports of fraud. In other words, no one is yet treating Magic Mouse as a large-scale fraud campaign.
At the same time, Mnemonic believes that most of the responsibility for the existence and thriving of such fraudulent schemes lies with technology companies and financial giants, which still do not make it harder for fraudsters to use stolen cards.