Darcula (PhaaS) Stolen 884,000 Credit Card Details on 13 Million Clicks from Users Worldwide
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Security researchers have uncovered one of the largest credit card theft operations in recent history, with a sophisticated Phishing-as-a-Service (PhaaS) platform called \u201cDarcula\u201d responsible for stealing approximately 884,000 credit card details through a massive campaign that generated over 13 million clicks from unsuspecting users worldwide.<\/p>\n
The operation, which began in late 2024, has targeted consumers across 32 countries, with the highest concentration of victims in North America and Europe.<\/p>\n
Security experts estimate the financial damage could exceed $150 million based on current dark web values for stolen financial data.<\/p>\n
The Darcula platform distinguishes itself from typical phishing operations through its advanced infrastructure and subscription-based model, allowing even low-skilled cybercriminals to launch sophisticated attacks.<\/p>\n
The service provides customers with convincing replicas of banking websites, e-commerce platforms, and payment portals, complete with realistic SSL certificates and domain names designed to evade detection.<\/p>\n
Most concerning is Darcula\u2019s ability to bypass multi-factor authentication through real-time session hijacking<\/a> techniques that intercept and relay authentication codes.<\/p>\n The massive campaign\u2019s success stems from its multi-channel approach, delivering malicious links through email, SMS, social media messaging, and compromised advertising networks.<\/p>\n Victims typically receive urgent messages claiming issues with their accounts or purchases, directing them to fraudulent sites that capture their credentials and payment information.<\/p>\n The operation\u2019s scale suggests a well-organized cybercriminal syndicate with significant resources and technical expertise behind it.<\/p>\n