NEW CYBER THREAT TARGETS IPHONE USERS VIA IMESSAGE
    INTRODUCTION

    A recent advancement in phishing tactics has emerged from China, with a platform called “darcula” offering cybercriminals access to advanced tools and resources for launching attacks. According to a report from Netcraft on March 27, this sophisticated phishing-as-a-service (PhaaS) platform boasts over 20,000 phishing domains and provides user-friendly social engineering technologies for cybercriminals. This platform is being used to launch large-scale smishing attacks targeting the United States Postal Service (USPS) and global postal services across more than 100 countries.

    Some of the known targets of this iMessage phishing campaign are USPS (the United States Postal Service), DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post.

    Landing pages available in the Darcula kit (Image by Netcraft)
    A screenshot of a user exposing a darcula UPS phishing scam

    Let’s delve into the workings of darcula, exploring how it operates covertly, evades detection, and most importantly, how users can safeguard themselves against its threats.

    Darcula represents a significant development in the world of cybercrime. Unlike traditional PhaaS platforms that rely on email or plain SMS, Darcula delivers its lures over iMessage and Rich Communication Services (RCS). Because these messages travel over the internet rather than the carrier SMS channel, the SMS firewalls that carriers and enterprises commonly use to block phishing texts never see them.

    WHY DARCULA USES iMESSAGE AND RCS


    The reason the Darcula phishing platform prefers iMessage and RCS over SMS is straightforward: iMessage and RCS offer features like file transfers and richer media support, which make their messages look more legitimate than traditional SMS. These services are also used mainly for personal communication, so a user reading them is less likely to be on guard against a phishing attempt.

    THE SMISHING TACTIC

    The Darcula platform facilitates smishing attacks, a form of phishing that uses text messages to trick victims. These messages often impersonate legitimate organizations, such as postal services, and typically lure users into clicking malicious links or providing sensitive information.

    In the case of attacks targeting postal services, the messages might impersonate the USPS or a similar national postal service, informing recipients of missed deliveries or requesting additional information for package clearance. Clicking the malicious link could lead to a fake website designed to steal the user’s login credentials, credit card information, or other sensitive data.

    According to research conducted by Netcraft, the darcula phishing-as-a-service platform has been operational for approximately a year and has been implicated in several notable phishing incidents during this period. Using this platform, malicious actors can target both Apple and Android devices.

    The platform provides various templates for crafting phishing messages along with counterfeit landing pages designed to deceive users. Instances documented on Reddit highlight how darcula attackers mimic reputable and familiar services, including the United States Postal Service (USPS).

    “Netcraft has identified over 20,000 domains associated with darcula spanning across 11,000 IP addresses, aimed at over 100 brands,” according to Netcraft. “Since the onset of 2024, Netcraft has observed an average of 120 new domains hosting darcula phishing pages daily.”

    IMPORTANCE OF CYBERSECURITY TRAINING

    While the use of iMessage and RCS introduces a new element to smishing attacks, basic security principles and training remain crucial in protecting oneself. Users should be wary of unsolicited messages, even those coming from seemingly familiar sources.

    Phishing attempts often create a sense of urgency, urging users to click links or respond immediately. Taking a moment to verify the legitimacy of a message by contacting the sender directly through a verified phone number or website can help avoid falling victim to these scams.

    According to Max Gannon, Cyber Intelligence Analysis Manager at Cofense, Darcula, a very advanced phishing kit, paints a dire picture of phone-based phishing that individuals are not trained to avoid. This kit uses new techniques carefully designed to avoid security controls.

    “While this advanced phishing kit is problematic and avoids common security controls, a user trained properly to detect phishing emails should be just as likely to detect phishing messages on other platforms,” Max emphasized.

    “The existence of this kit emphasizes the importance of training individuals to be more vigilant across platforms. Even if a trained individual were to fall for the phishing attempt and click the link, the request for sensitive information like credit card details or SSNs should raise immediate concerns,” he added.

    TIPS ON STAYING SAFE

    HOW TO SHIELD YOURSELF AGAINST DARCULA:

    • Watch for suspicious iMessages.
    • Avoid messages from unknown senders.
    • Verify messages from trusted organizations.
    • Be cautious of urgent requests.
    • Look out for misspellings and grammar errors.

    HOW TO SHIELD YOURSELF AGAINST PHISHING ATTACKS:

    1. Avoid clicking unknown links.
    2. Verify the sender.
    3. Use two-factor authentication (2FA).
    4. Keep your iPhone updated.
    5. Report suspicious messages.

    Stay Alert, Stay Safe. Don’t overlook browser warnings. Consider security apps for added protection. By staying vigilant and following these steps, iPhone users can effectively shield themselves from darcula phishing attacks.
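    The red flags listed above (a postal brand named in the text, a link that does not go to that brand's real domain, urgency wording, a missed-delivery lure, an unknown sender) can be turned into a simple message-screening heuristic. The following is an added example written for this article, not code from Netcraft, darcula or any postal service; the brand-to-domain table and both sample messages are my own constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list of each postal brand's real web domain (my assumption for
# this example; confirm against the brand's official site before relying on it).
BRAND_DOMAINS = {
    "usps": "usps.com",
    "dhl": "dhl.com",
    "evri": "evri.com",
    "australia post": "auspost.com.au",
    "singapore post": "singpost.com",
}
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.I)
URGENCY_RE = re.compile(r"\b(immediately|within \d+ ?(?:hours?|hrs)|urgent|final notice|will be returned|suspended)\b", re.I)
LURE_RE = re.compile(r"\b(missed deliver(?:y|ies)|could not be delivered|on hold|redeliver(?:y)?|incomplete address|clearance fee|customs fee)\b", re.I)

def link_hosts(text):
    """Hostname of every URL in the message (lower-cased, no port)."""
    return [urlparse(u).hostname or "" for u in URL_RE.findall(text)]

def host_belongs_to(host, domain):
    """True only if host is the brand domain or a real subdomain of it.
    A look-alike such as usps.com.track-update.example fails this check."""
    return host == domain or host.endswith("." + domain)

def score_smishing(text, sender_known=False):
    """Score a delivery-themed message against the article's red flags.
    Returns (score, reasons); a score of 3 or more is treated as likely smishing."""
    lowered = text.lower()
    score, reasons = 0, []
    brands = [b for b in BRAND_DOMAINS if b in lowered]
    for host in link_hosts(text):
        if brands and not any(host_belongs_to(host, BRAND_DOMAINS[b]) for b in brands):
            score += 3  # brand named, but the link leaves the brand's domain
            reasons.append(f"link host {host!r} is not a {'/'.join(brands)} domain")
        elif not brands:
            score += 1  # a link with no identifiable sender brand
            reasons.append(f"link host {host!r} with no named brand")
    if URGENCY_RE.search(text):
        score += 1; reasons.append("urgency wording")
    if LURE_RE.search(text):
        score += 1; reasons.append("missed-delivery / fee lure")
    if not sender_known:
        score += 1; reasons.append("sender not in contacts")
    return score, reasons

# Constructed sample messages (not real darcula lures); .example is a reserved TLD.
SAMPLE_PHISH = ("USPS: Your package could not be delivered due to an incomplete address. "
                "Update within 24 hours or it will be returned: https://usps.com.track-update.example/redeliver")
SAMPLE_LEGIT = "USPS: Your package is out for delivery today. Track at https://www.usps.com/track"
```

Running `score_smishing(SAMPLE_PHISH)` reports the look-alike host plus urgency, lure and unknown-sender flags, while the legitimate message from a known sender scores zero.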
