Sunday, April 14, 2024

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information and grant unauthorized access.

It’s an effective social engineering technique that can bypass even robust technical security measures. 

Phishing kits and services provide a low-cost, low-effort way to conduct widespread attacks, which makes them attractive options for threat actors seeking financial gains and access to valuable data.

Recently, cybersecurity analysts at Netcraft discovered that threat actors are actively exploiting the Dracula phishing service to attack USPS and global postal services via iMessage.

iPhone Darcula Phishing Attack

‘Dracula’ is a sophisticated Phishing-as-a-Service (PhaaS) platform leveraging modern web technologies like JavaScript, React, Docker, and Harbor.

It has been used for over 20,000 phishing domains conducting high-profile campaigns. 

A key tactic is using iMessage and RCS instead of SMS to bypass filters and leverage user trust for “smishing” attacks impersonating postal services across more than 100 countries. 

This enables uniquely effective data extraction by exploiting messaging platforms’ perceived legitimacy and evading typical SMS-based scam defenses. 

The Dracula platform was developed by a Telegram user and it offers easy deployment of constantly updatable phishing sites with hundreds of templates targeting global brands.

Phishing landing pages (Source – Netcraft)

Unlike typical phishing kits, darcula websites can update in-place with new features and anti-detection measures like changing malicious content paths for obfuscation.

The group monetizes through paid monthly subscriptions for other threat actors, reads the report.

The Darcula PhaaS offers around 200 phishing templates targeting over 100 brands across more than 100 countries, primarily postal services and trusted institutions like utilities, banks, and governments.

Phishing landing pages targeting postal services (Source – Netcraft)

It uses purpose-registered domains spoofing brand names, favoring .top, .com, and other low-cost TLDs, with 32% on Cloudflare. Over 20,000 darcula domains across 11,000 IPs have been detected, with 120 new ones daily in 2024. 

Front pages cloaked with fake domain sale pages, previously redirecting bots to cat breed searches – aligning with darcula’s cat-themed branding.

Anti-detection tactics demonstrate the platform’s sophistication.

darcula anti-monitoring redirecting site crawlers to a cat breed (Source – Netcraft)

Unlike traditional SMS phishing, darcula leverages the encrypted messaging platforms RCS (on Android) and iMessage (Apple) to bypass spam filters and leverage user trust.

darcula phishing messages targeting iMessage users (Source – Netcraft)

RCS/iMessage provides encryption bypassing recent anti-SMS spam legislation, incurs no per-message costs, and overcomes platform security controls through tactics like reply-prompting and device farms. 

While aiding user privacy, end-to-end encryption obfuscates message content from network-level filtering.

Threat actors exploit these advantages for widespread “smishing” campaigns impersonating trusted brands while evading typical SMS defenses. 

Researchers urged users to stay vigilant against unsolicited messages from unrecognized senders and said that anti-phishing tools remain key protection measures.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles