Cybercriminals have developed an elaborate new phishing platform

As reported by BleepingComputer, the new platform, named Darcula by its creators, impersonates popular brands with over 200 different templates to choose from when launching phishing attacks against target users to use 20,000 fake domains

We have seen elaborate phishing scams before, but what makes this one unique is that instead of using regular SMS text messages to send phishing messages, they use Apple's iMessage and Google's RCS protocols to targeting users

Whether you use one of the best iPhones or one of the best Android phones, here's everything you need to know about this new phishing service and what you need to know about falling victim to a phishing attack and becoming a hacker and some steps you can take to avoid the possibility of having your online account hijacked by a hacker

Like Malware-as-a-Service, Darcula is distributed for a fee on online hacking forums Upon paying the required fee, hackers can use this platform to launch their own attacks against unsuspecting users

Darcula was first discovered last summer by security researcher Oshri Kalfon, but cybercrime detection and interdiction firm Netcraft revealed in a new blog post that this Chinese language phishing platform has recently become even more popular among cybercriminals in a new blog post

Besides utilizing iMessage and RCS in its attacks, Darcula also employs the latest technologies such as JavaScript, React, Docker, and Harbor This allows for continuous updates to the platform, including new features and templates Additionally, hackers using this phishing kit do not need to reinstall the updates when they become available

In addition to making it easier for hackers to craft phishing messages, Darkura includes fake landing pages for shipping companies such as USPS, DHL, and other popular brands These fake pages look almost identical to the legitimate ones and are free of spelling and grammatical errors

Once the attacker selects the brand they wish to impersonate and runs the setup script, Darcula installs the matching phishing site and administrative dashboard directly into the Docker environment According to Netcraft, this phishing platform is typically hosts these fake sites using the "top" and "com" top-level domains

You may wonder why the Darcula phishing platform uses iMessage or RCS instead of SMS, but the reason is simple: doing so adds legitimacy to the phishing message

Potential victims are more likely to believe a message is legitimate if it is sent through iMessage or delivered using RCS At the same time, neither messaging standard supports end-to-end encryption as well as the best encrypted messaging apps, so phishing messages sent using them cannot be intercepted or blocked based on their content

However, there are some safeguards For example, Apple bans accounts that send many messages to multiple recipients At the same time, Google recently added restrictions that prevent rooted Android phones from sending and receiving RCS messages Still, hackers using the platform attempt to circumvent these restrictions by creating multiple Apple IDs and using device farms to send a small number of messages from each device

However, iMessage has yet another limitation Apple's messaging service does not allow iPhone users to click on links in messages if they have not first replied Thus, these phishing messages ask the recipient to reply with a "Y" or "1" and then re-open the message to access the included link

Like many other cyber attacks, phishing attacks often attempt to instill a sense of urgency in the victim to take action

In the examples shared by Netcraft, many of the phishing messages were about undelivered packages Frequent online shoppers, such as on Prime Day, Black Friday, and other big shopping days, are more likely to see such phishing messages, think there might be something wrong with their order, and take action

For this reason, one should always be cautious when receiving any kind of message regarding an online order or delivery In particular, you want to avoid anything that asks you to click on a link, especially if you do not know the recipient Even then, it is easy to impersonate the company by copying their logo or the language used in the message This is why you should always stop and think a little before replying to a suspicious message or clicking on a link in it

If the message is about a USPS package not arriving, check to see if the order was shipped using this particular carrier Also, check the store's page for the latest tracking information Usually, USPS, FedEX, UPS, and other shipping companies do not send such messages Another thing to look for is strange top-level domains Most companies in the US use "com," so if the USPS web address ends in "top," you will immediately know it is a phishing message

Phishing continues to be a very successful attack tactic for cybercriminals and fraudsters This means it is up to you to check the message carefully and look for anything suspicious However, if in doubt, do not click or reply to the message, even if it is legitimate