Darcula (PhaaS) Stolen 884,000 Credit Card Details on 13 Million Clicks from Users Worldwide

Security researchers have uncovered one of the largest credit card theft operations in recent history, with a sophisticated Phishing-as-a-Service (PhaaS) platform called “Darcula” responsible for stealing approximately 884,000 credit card details through a massive campaign that generated over 13 million clicks from unsuspecting users worldwide. The Darcula platform distinguishes itself from typical phishing operations through its advanced infrastructure and subscription-based model, allowing even low-skilled cybercriminals to launch sophisticated attacks. Mnemonic analysts identified the Darcula operation in February 2025 after tracing a pattern of credit card theft reported by financial institutions.

Security experts estimate the financial damage could exceed $150 million based on current dark web values for stolen financial data. They recommend organizations implement advanced phishing detection systems and conduct regular security awareness training for employees and customers. Law enforcement agencies across multiple jurisdictions are coordinating efforts to track down the Darcula operators, though they acknowledge the sophisticated nature of the operation presents significant challenges to attribution and prosecution.

The service provides customers with convincing replicas of banking websites, e-commerce platforms, and payment portals, complete with realistic SSL certificates and domain names designed to evade detection. The most sophisticated aspect of Darcula is its advanced infection mechanism, which employs a multi-stage payload delivery system to evade security solutions.
These servers, often compromised legitimate websites, relay the information through a series of proxies before reaching Darcula’s secure storage infrastructure.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 08:50:07 +0000


Cyber News related to Darcula (PhaaS) Stolen 884,000 Credit Card Details on 13 Million Clicks from Users Worldwide

Darcula PhaaS steals 884,000 credit cards via SMS phishing texts - In February 2025, the same researchers reported that Darcula had undergone a significant evolution, now allowing operators to auto-generate phishing kits for any brand, while also implementing new stealth features, a credit card to virtual card ...
3 weeks ago Bleepingcomputer.com
Darcula PhaaS steals 884,000 credit cards via phishing texts - In February 2025, the same researchers reported that Darcula had undergone a significant evolution, now allowing operators to auto-generate phishing kits for any brand, while also implementing new stealth features, a credit card to virtual card ...
3 weeks ago Bleepingcomputer.com
Is Your Online Store Hacked in a Carding Attack? - Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using carding attacks as we gear up for the holiday season shopping. Online companies selling products or services are struggling with the growing ...
1 year ago Cybersecuritynews.com
Preventing Credit Card Fraud with PoS Malware: How Prilex Blocks Contactless Payments - New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC ...
2 years ago Bleepingcomputer.com
Darcula 3.0 Tool Automatically Generates Phishing Kit For Any Brand - The darcula phishing group has escalated cybercrime capabilities with its newly unveiled “darcula-suite 3.0,” a phishing-as-a-service (PhaaS) platform enabling criminals to automatically generate counterfeit websites for any brand within ...
3 months ago Cybersecuritynews.com
Ransomware attack on Patelco Credit Union causes confusion ahead of holiday weekend - One of the largest credit unions on the West Coast continues to struggle with its operations following a ransomware attack that began on Saturday. Patelco Credit Union - one of the nation's oldest credit unions with more than $9 billion in assets - ...
10 months ago Therecord.media
BidenCash darkweb market gives 1.9 million credit cards for free - The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals. BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling ...
1 year ago Bleepingcomputer.com
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams - PointyPhish – Sends fake SMS alerts about expiring reward points to banking, airline, and retail store customers, leading to phishing pages that steal full credit/debit card details. CTM360 detected thousands of these phishing sites across ...
1 month ago Bleepingcomputer.com
4 Million Stolen Credit Cards to Be Released for Free by B1ack’s Stash Marketplace - Preliminary analyses suggest that the stolen credit card data was likely obtained through phishing campaigns, malware attacks, and compromised e-commerce platforms. The cybersecurity community is on high alert as B1ack’s Stash, a known ...
3 months ago Cybersecuritynews.com
Halting Hackers on the Holidays 2023 - As we saw with major holidays including Black Friday and Cyber Monday and now right around the corner and a massive increase in shopping online for the Christmas season, we count the breaches and total personally identifiable information records lost ...
1 year ago Cyberdefensemagazine.com
Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data - The point-of-sale malware named Prilex has been modified to block contactless transactions in an effort to force users to insert their credit cards into terminals and steal their information. Initially detailed in 2017, Prilex has evolved from ...
2 years ago Securityweek.com
B1ack’s Stash MarketPlace Actors to Release 4 Million Stolen Credit Card Details for Free - The continuous leaks of sensitive financial data underscore the urgent need for enhanced cybersecurity measures, including proactive monitoring for compromised credentials, implementation of robust fraud detection systems, and improved user education ...
2 months ago Cybersecuritynews.com
FBI shares massive list of 42,000 LabHost phishing domains - The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. The list can also be used by security teams to retrospectively ...
1 month ago Bleepingcomputer.com
9 online scams to watch out for this holiday season - By being aware of these common online scams and taking precautions, you can protect yourself and your family from becoming victims this holiday season. The holiday season is upon us, and that means it's time to start shopping for gifts. It's not just ...
1 year ago Blog.avast.com
Data of 560 million Ticketmaster customers for sale after alleged breach - A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. The allegedly stolen databases, which ...
1 year ago Bleepingcomputer.com
Credit union operations restored after tech supplier ransomware attack - The federal agency that oversees credit unions said operations at about 60 of the organizations have been restored following a ransomware attack last month. Ongoing Operations, a cloud services provider owned by credit union technology firm ...
1 year ago Therecord.media
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards - The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it ...
2 years ago Thehackernews.com
Europol warns 443 online shops infected with credit card stealers - Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. Skimmers are small snippets of JavaScript code added to checkout pages or loaded ...
1 year ago Bleepingcomputer.com
Data allegedly stolen in Ticketmaster hack - A group of hackers say they have stolen the personal details of 560 million Ticketmaster customers. ShinyHunters, the group claiming responsibility, says the stolen data includes names, addresses, phone numbers and partial credit card details from ...
1 year ago Packetstormsecurity.com
9 tips to protect your family against identity theft and credit and bank fraud - With access to your personal information, bad actors can drain your bank account and damage your credit-or worse. By taking the right steps, you and your loved ones can enjoy the peace of mind that comes from identity protection. Check out the nine ...
1 year ago Webroot.com
New Versions of Prilex POS Malware Can Block Contactless Transactions - New versions of Prilex point-of-sale malware have been spotted in the wild. Their new capabilities include blocking Near Field Communication credit card transactions. This way clients are obliged to use the machine to pay, allowing the malicious code ...
2 years ago Heimdalsecurity.com
Unmasking Identity Theft: Detection and Mitigation Strategies - In an increasingly digital world, the threat of identity theft looms large, making it imperative for individuals to be proactive in detecting potential breaches and implementing effective mitigation measures. This article delves into key strategies ...
1 year ago Cybersecurity-insiders.com
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
1 year ago Packetstormsecurity.com
ALPHV ransomware claims loanDepot, Prudential Financial breaches - The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. The two companies were added to ALPHV's dark web leak site today, with the threat ...
1 year ago Bleepingcomputer.com