Darcula

Darcula is a "phishing as a service" (PhaaS) Chinese-language platform which has been used in phishing attacks against organizations (government, airlines) and services (postal, financial) in over 100 countries.^[1][2] Darcula offers to cybercriminals more than 20,000 counterfeit domains (to spoof brands) and over 200 templates.^[1][2] Darcula uses iMessage and RCS (Rich Communication Services) to steal credentials from Android and iPhone users.^[3]

In May 2025, the Norwegian Broadcasting Corporation (NRK) in collaboration with BR, Le Monde, and the Norwegian cybersecurity company mnemonic reported on Darcula.^[4][5][6][7] They reported that the group was able to steal a total of 884,000 credit cards from victims during a period of seven months between 2023 and 2024. They also claim that the software used by the group, Magic Cat, was developed by Yucheng C., a 24-year old man from Henan, China.^[8]