PointyPhish – Sends fake SMS alerts about expiring reward points to banking, airline, and retail store customers, leading to phishing pages that steal full credit/debit card details. CTM360 detected thousands of these phishing sites across multiple countries, indicating that this isn’t just a localized issue — it’s a coordinated, global effort. Similarly, TollShark involves over 2,000 domains and phishing sites, exploiting fears of unpaid tolls to capture sensitive information from unsuspecting individuals. CTM360 has observed a notable surge in two SMS-based phishing campaigns: PointyPhish (reward scams) and TollShark (toll payment scams).

Darcula isn’t just a phishing kit — it’s a full PhaaS platform for scams. Built on React and Docker, Darcula enables cybercriminals to launch phishing sites in under 10 minutes.

Both attacks are simple in structure: they begin with SMS distribution, create urgency, impersonate a trusted brand, and lead customers into giving up payment details. The widespread nature of these attacks shows a clear intent to target individuals at scale, with the goal of stealing sensitive financial data.

What started with 6,000+ URLs linked to a specific banking attack has now grown to 16,000+ impersonation sites across multiple malware variants. Victims are redirected to phishing sites mimicking real brands. While tracking these campaigns, CTM360 uncovered an exposed admin panel used by attackers managing Darcula Suite. Victims are directed to fake payment pages that collect personal and financial data.

including screenshots, domain samples and insights into how the scams are structured and operate on a global scale, read the full report at .
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 17 Apr 2025 14:50:08 +0000