- Around 600 danger actor is using Daraula, experts warns
- They have managed to steal more than 800,000 credit card details in less than a year.
- Mobile devices are the major goals for fishing nowadays
A notorious Fishing-e-Service (PHAAS) kit, Darula, has helped hundreds of users steal about a million credit cards in about half-year, cyber security researchers have said.
NRK, Bayericher Rundfunk, Le Monde, and analysts of Norwegian security firm Mnemonic have deep drilling in Darkula, which serves some 600 operators in just seven months between 2023 and 2024.
Hackers were able to generate 13 million clicks on malicious links sent through text messages for goals around the world – and as a result, 884,000 were able to steal credit cards.
Generative AI threats
Apparently, the darkla focuses on mobile platforms – Android and iOS, and uses 20,000 domains and can easily spoil famous brands.
It stands out of other similar platforms using RC and IMessage instead of normal SMS, making its attacks more effective.
To make cases worse, Darulas allows its users to auto-generate the fishing kit for almost any comprehensive brand, convert credit cards into virtual cards, and with the help of generative artificial intelligence (Jenai), they can create a fishing message on almost any subject and almost any subject.
The operators of the darkla are basically sugar, as most communication is performed in closure telegram groups and Chinese language. Researchers also saw the SIM farm and hardware setup that allow operators to offer mass text messages and credit card processing through terminals.
The September 2024 report by the security researchers argued four out of four of all the five (82%) of all fishing sites, as they target mobile devices, as they are usually weak and are more often unabated than desktops and laptop computers.
Defense against fishing, however, has not changed much. It still revolves around general knowledge, doubting all the coming messages, especially with those who are with the feeling of urgency, or unexpected enclosure.
Clicking on the link in email and SMS messages, especially hidden behind a placeholder or a URL shortner, is also risky.
Through BlappingCopper
