Close this search box.

All About Darcula Phishing Attacks

Are you using an Apple iPhone? If the answer is yes, then you are susceptible to the infamous Darcula phishing attacks. This Chinese language Phishing-as-a-Service (PhaaS) platform has reportedly been around since 2023 but widespread activity began in early 2024. Since then, Darcula has impacted iPhone users in over 100 countries. In this blog we will discover what exactly the attack is, how it works and how you can protect your devices from falling prey to this attack.

What is Darcula?

Darcula is essentially a phishing kit available to rent. The kit enables cyber attackers to set up fake websites that look like real ones allowing them to steal your personal information, like passwords or credit card details.

It uses iMessage and Rich Communication Services (RCS) messaging as opposed to the traditional SMS/ text message-based phishing, which is popularly known as smishing attacks.  This new medium that Darcula uses allows it to look more and feel more authentic to the end user.

How Does Darcula Work?

There are three main steps to how a Darcula exploit works.

  • Sends Sly Messages: Instead of regular SMS messages, Darcula uses iMessage and RCS messaging apps to send phishing texts. The message will likely contain a link and a message urging the recipient to click on it. This message might pretend to be about a package delivery, a bank issue, or something else that sounds urgent. United States Postal Service and the Royal Mail of UK have been commonly attacked domains.
  • Dummy Website links that look real: When someone clicks the link in the message, they land on a fake website that Darcula creates. This fake website can be designed to look exactly like a real website, such as a bank’s login page or a postal service’s tracking portal. The researchers claim that the purpose-registered domains for the phishing assaults are typically hosted by the Darcula service using “. top” and “.com” top-level domains, with about one-third of those being supported by Cloudflare. Research states that there are almost 20,000 active Darcula Phishing domains.
  • Information Theft: Once you enter your particulars onto these fake websites, Darcula gets access to and steals it. The attacker can then use this information for malicious activities like stealing money, making unauthorized purchases, or taking over the victim’s accounts.

Common Darcula Messages to Beware of

Darcula iMessage is known for its sneaky approach in trying to trick you into clicking a link.  The common three-point checklist for a Darcula detection is that it usually creates a sense of urgency, looks like a legitimate source and will definitely have a link. Here are the common disguises they use in their messages:

  • Missed Delivery: A classic phishing attack tactic, Darcula messages might claim you have a missed package delivery and need to reschedule or confirm details by clicking a link.
  • Fake Account Issues: These messages could impersonate your bank, credit card company, or another service you use. They might warn of suspicious activity on your account and ask you to verify your information through a link.
  • Urgent Notifications: Darcula preys on urgency. Messages might claim there’s a problem with your account that needs immediate attention, or a limited time offer you can’t miss if you click the link.

How can you avoid being a Darcula Phishing victim?

While the Darcula-based phishing attacks are known for being hyper-realistic and meant to easily trick users into falling for it, here are some things you can do to remain cautious.

  • Be wary of clicking links: Even when links in communications appear important, take your time clicking on them. Think for a second about if the message sounds suspicious or is unexpected.
  • Double check the sender: Messages claiming to be from your bank, credit card company, or other service providers should not be trusted. Check for misspellings, grammatical mistakes, or odd email addresses.
  • Verify with the official source: If a message claims there’s an issue with your account, log in to the official website (by typing the address yourself) and check your account directly. Don’t use any links provided in the message.
  • Don’t fall for dream scams: Darcula may try to entice you in with discounts or enticing offers. Anything that seems too wonderful to be true is most often not.
  • Keep Software Updated: Vulnerabilities in outdated software can be exploited by hackers. Update the web browser, operating system, and security applications on your phone frequently.

Darcula Scam Protection for Companies

While Darcula exploits individuals mostly, companies can also be impacted if employees fall victim. Here’s what organizations can do to protect themselves:

  • Employee Awareness: Educate your employees about the Darcula PhaaS attacks and train them to identify these messages, verify senders, and avoid clicking on unknown links.
  • Multi-Factor Authentication (MFA): Consider implementing MFA to secure your active directory. This adds an extra layer of security beyond passwords, making it harder for attackers to access accounts even if they steal login credentials through Darcula. Fidelis Active Directory Intercept can help you get complete all round protection for your AD.
  • Keep your Systems Updated: Ensure all company devices have robust security software installed and are kept up to date. This can help detect and block phishing attempts.

Despite Darcula’s devious phishing tactics, you can safeguard yourself by remaining knowledgeable and adhering to secure procedures. Recall that maintaining security takes a team. By spreading this knowledge, you can assist others from becoming victims as well. Remain alert and use caution when browsing!

Picture of Neeraja Hariharasubramanian
Neeraja Hariharasubramanian

Neeraja, a journalist turned tech writer, creates compelling cybersecurity articles for Fidelis Security to help readers stay ahead in the world of cyber threats and defences. Her curiosity & ability to capture the pulse of any space has landed her in the world of cybersecurity.

Related Readings

One Platform for All Adversaries

See Fidelis in action. Learn how our fast and scalable platforms provide full visibility, deep insights, and rapid response to help security teams across the World protect, detect, respond, and neutralize advanced cyber adversaries.