New Darcula phishing service targets iPhone users via iMessage
A new phishing-as-a-service (PhaaS) named ‘Darcula’ uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.
Darcula has been used against a variety of services and organizations, including postal, financial, government, and taxation departments as well as telcos, airlines, and utilities, and it offers fraudsters over 200 templates to choose from.
One thing that makes the service stand out is that it approaches targets using the Rich Communication Services (RCS) protocol for Google Messages and iMessage, instead of SMS, to send phishing messages.
Darcula was first documented last summer by security researcher Oshri Kalfon, but Netcraft analysts report that the platform has become more popular in the cybercrime space and was recently used in several high-profile cases.
Abandoning SMS
Darcula diverges from traditional SMS-based tactics and instead utilizes RCS (Android) and iMessage (iOS) to send victims messages with links to the phishing URL.
The advantage of this is that recipients are more likely to perceive the communication as legitimate, trusting the additional safeguards that aren’t available in SMS.
Moreover, since RCS and iMessage support end-to-end encryption, it is impossible to intercept and block phishing messages based on their content.
Netcraft comments that recent global legislation efforts aimed at curbing SMS-based cybercrime by blocking suspicious messages are likely pushing PhaaS platforms towards alternative protocols such as RCS and iMessage.
However, these protocols come with their own sets of restrictions that cybercriminals have to overcome.
Conclusion: users should be wary of any SMS that includes a URL and is sent from a stranger.
Source: Bleepingcomputer