Darcula

{{Short description|Chinese phishing-as-a-service platform}}

Darcula is a Chinese-language "phishing as a service" (PhaaS) platform that has been used in phishing attacks against organizations (government, airlines) and services (postal, financial) in over 100 countries.{{Cite web|url=https://thehackernews.com/2024/03/darcula-phishing-network-leveraging-rcs.html|title=Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection |website=The Hacker News}}{{Cite web|url=https://www.bleepingcomputer.com/news/security/new-darcula-phishing-service-targets-iphone-users-via-imessage/|title=New Darcula phishing service targets iPhone users via iMessage|website=BleepingComputer}}

Darcula offers cybercriminals more than 20,000 counterfeit domains (to spoof brands) and over 200 templates.

Darcula uses iMessage and RCS (Rich Communication Services) to steal credentials from Android and iPhone users.{{Cite web|url=https://www.darkreading.com/endpoint-security/-darcula-phishing-as-a-service-operation-bleeds-victims-worldwide|title='Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide|website=www.darkreading.com}}

In May 2025, the Norwegian Broadcasting Corporation (NRK), in collaboration with BR, Le Monde, and the Norwegian cybersecurity company mnemonic, reported on Darcula.{{Cite web|url=https://www.nrk.no/dokumentar/xl/inside-the-scam-network-1.17399135|title=Inside the Scam Network|website=nrk.no}}{{Cite web|url=https://www.br.de/nachrichten/deutschland-welt/the-chinese-scammers-behind-the-fake-dhl-messages,Uk3eWOB|title=The Chinese Scammers Behind the Fake DHL Messages|website=br.de}}{{Cite web|url=https://www.lemonde.fr/pixels/article/2025/05/04/votre-colis-n-a-pas-pu-etre-livre-enquete-sur-les-arnaques-a-la-carte-bancaire-par-sms_6602832_4408996.html|title=« Votre colis n’a pas pu être livré » : enquête sur les arnaques à la carte bancaire par SMS|website=lemonde.fr}}{{Cite web|url=https://www.mnemonic.io/resources/blog/exposing-darcula-a-rare-look-behind-the-scenes-of-a-global-phishing-as-a-service-operation/|title=Exposing Darcula: a rare look behind the scenes of a global Phishing-as-a-Service operation|website=mnemonic.io}} They reported that the group was able to steal a total of 884,000 credit cards from victims during a period of seven months between 2023 and 2024. They also claim that the software used by the group, Magic Cat, was developed by Yucheng C., a 24-year-old man from Henan, China.{{Cite web|url=https://www.nrk.no/dokumentar/xl/the-hunt-for-darcula-1.17399157|title=The Hunt for Darcula|website=nrk.no}}

References

{{Reflist}}

Category:Cybercrime

Category:Mobile malware

{{computer-security-stub}}

{{improve categories|date=November 2024}}