This new phishing attack targets iPhone and Android alike via RCS
Darcula PhaaS is proving unfortunately good at bypassing security
A new phishing service has been detected sporting a unique way of approaching iOS and Android users.
The Phishing-as-a-Service (PhaaS) tool, called “Darcula” and uncovered by researchers at Netcraft, stands out from the crowd as it reaches out to its victims via the Rich Communication Services (RCS) protocol for Google Messages and iMessage, instead of the usual Short Message System (SMS).
There are two reasons for the move to RCS, they explain, with the first one being an improved sense of legitimacy of the messages. The second one is that RCS messages are end-to-end encrypted, making them impossible to intercept, or block based solely on the contents of the message.
Thousands of domains and IP addresses
It’s impossible to say how many people received these smishing messages, but we do know that they’re located in more than 100 countries around the world.
Hackers who sign up for the service can impersonate dozens of organizations, choosing between more than 200 phishing templates. After paying for the subscription, the threat actors can choose one of many companies in the postal, financial, government, tax, telecommunications, airlines, and utility verticals, and get a dedicated phishing website with properly aligned fonts, logo images, and more.
The researchers described the phishing websites as “high quality”.
“The Darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating United States Postal Service (USPS) highlighted in numerous posts on Reddit’s /r/phishing,” the researchers explained in their writeup.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The PhaaS apparently has some 20,000 domains, across 11,000 IP addresses. More than 100 new domains are being added to the tool, every day.
As usual, the best way to defend against phishing is to use common sense. If the message is unexpected, sounds strange, or too good to be true, extra caution is advised.
Via BleepingComputer
More from TechRadar Pro
- A new phishing kit is targeting Gmail and Microsoft email accounts — and it can even bypass 2FA
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.