Security experts have recently issued a warning about a new phishing attack method named Darcula that targets Android and iPhone users. The attack has already caused significant consequences in over 100 countries.
Like most phishing attacks, Darcula too impersonates recognized entities to collect sensitive information from users. However, what sets this attack method apart is its complexity. While previous attacks spread via SMS, Darcula uses the RCS communication standard, which makes it difficult for Google and Apple to deal with it. Both Google Messages and iMessage have end-to-end encryption for messages, which makes it impossible for companies to block a threat based on its text content.
According to the Netcraft organization, Darcula has become increasingly common in recent times and has been used in high-profile cases. The attack method uses modern technologies such as JavaScript, React, Docker, and Harbor, and has a library of over 200 website templates that impersonate brands or organizations in more than 100 countries. These templates are of high quality and are very similar to the official ones.
Darcula’s modus operandi involves sending a link to the victim with incomplete message content and asking the recipient to visit their page to see fuller details. Due to the high fidelity of impersonation websites, less experienced users can fall prey to the attack and provide sensitive data, which is then used for unknown purposes.
Netcraft claims to have detected 20,000 Darcula domains transferred to more than 11,000 IP addresses. The report also states that 120 new domains are added every day, making identification more difficult.
Given the gravity of the situation, users must be extra cautious when entering personal data into sources provided via messages, direct calls, and unknown senders.
