Security researchers have uncovered one of the largest credit card theft operations in recent history, with a sophisticated Phishing-as-a-Service (PhaaS) platform called “Darcula” responsible for stealing approximately 884,000 credit card details through a massive campaign that generated over 13 million clicks from unsuspecting users worldwide. The Darcula platform distinguishes itself from typical phishing operations through its advanced infrastructure and subscription-based model, allowing even low-skilled cybercriminals to launch sophisticated attacks. Mnemonic analysts identified the Darcula operation in February 2025 after tracing a pattern of credit card theft reported by financial institutions. The most sophisticated aspect of Darcula is its advanced infection mechanism, which employs a multi-stage payload delivery system to evade security solutions. Law enforcement agencies across multiple jurisdictions are coordinating efforts to track down the Darcula operators, though they acknowledge the sophisticated nature of the operation presents significant challenges to attribution and prosecution. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Security experts estimate the financial damage could exceed $150 million based on current dark web values for stolen financial data. They recommend organizations implement advanced phishing detection systems and conduct regular security awareness training for employees and customers. The service provides customers with convincing replicas of banking websites, e-commerce platforms, and payment portals, complete with realistic SSL certificates and domain names designed to evade detection. These servers, often compromised legitimate websites, relay the information through a series of proxies before reaching Darcula’s secure storage infrastructure.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 08:50:07 +0000