Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection

March 28, 2024 at 11:39AM

Summary:
The Darcula phishing-as-a-service (PhaaS) platform utilizes over 20,000 counterfeit domains to target organizations globally. By leveraging iMessage and RCS protocols, it bypasses SMS firewalls, targeting entities in 100+ countries. Offering support for 200+ templates, it facilitates various phishing attacks, including smishing tactics, with an ability to update features and evade detection measures.

According to the article, a sophisticated phishing-as-a-service (PhaaS) platform called Darcula has been targeting organizations in over 100 countries with a wide range of tactics and techniques. Key takeaways include:

– Darcula leverages a massive network of over 20,000 counterfeit domains to launch attacks at scale. It employs smishing (SMS phishing) tactics to target users of iMessage and RCS, bypassing traditional SMS firewalls and taking advantage of the encryption in these platforms to evade filtering by network operators.
– The platform offers support for about 200 templates impersonating legitimate brands, with a focus on postal services, public and private utilities, financial institutions, government bodies, airlines, and telecommunication organizations.
– Darcula’s phishing sites are hosted on purpose-registered domains backed by Cloudflare, Tencent, Quadranet, and Multacom, with over 20,000 domains across 11,000 IP addresses detected.
– The platform is continuously updating its phishing sites with new features and anti-detection measures, making it a persistent threat.
– Darcula has also been observed using iMessage and RCS to deliver messages with clickable links, attempting to bypass safety measures in iMessage and using bogus email accounts to send messages.

The article also mentions a new wave of phishing attacks targeting Apple’s password reset feature, as well as the use of SIM swapping to gain unauthorized access to victims’ online services.

Overall, the article paints a detailed picture of the sophisticated tactics employed by Darcula and of emerging trends in phishing attacks, emphasizing the need for heightened vigilance and robust security measures to combat such threats.
