
After researchers unmasked a prolific SMS scammer, a new operation has emerged in its wake
If you’ve received a suspicious text message regarding an unpaid toll or an undelivered package, you’re not alone. Such messages have become a common tactic for sophisticated scamming operations targeting mobile users across the U.S. and internationally.
These scams, while seemingly simple, are remarkably effective. Scammers send deceptive text messages impersonating legitimate services like postal deliveries or local government programs. Unsuspecting recipients who click on the provided links are often directed to phishing pages where their credit card details are captured and exploited for fraudulent activities. In a seven-month period during 2024, one such prolific operation, known as ‘Magic Cat,’ managed to steal at least 884,000 credit card details, with some victims losing thousands of dollars.
The operation behind Magic Cat was attributed to a scammer identified by the handle ‘Darcula,’ whose real-world identity was revealed to be Yucheng C., a 24-year-old Chinese national. This revelation came after a series of operational security (opsec) mistakes by Darcula, which allowed security researchers and investigative journalists to uncover his identity. Darcula reportedly developed Magic Cat, a ‘phishing-as-a-service’ software, which he supplied to hundreds of customers to launch their own SMS scam campaigns.

Following Darcula’s unmasking earlier this year, his Magic Cat operation ceased updates, leaving his customers without support. However, this void has quickly been filled by a new, even more aggressive operation named ‘Magic Mouse.’ Security experts are now raising alarms about this emergent threat, which is reportedly already surpassing its predecessor in scale and effectiveness.
Harrison Sand, an offensive security consultant at the Oslo-headquartered security firm Mnemonic, which was instrumental in exposing Darcula, warned that Magic Mouse has seen a significant surge in popularity since Magic Cat’s demise. Mnemonic’s investigations have uncovered evidence suggesting that Magic Mouse is a distinct operation, coded by new developers. Despite this, the new operators have leveraged stolen phishing kits from Magic Cat, which contain hundreds of fake websites designed to mimic major tech companies and delivery services, thereby tricking victims into surrendering their financial information.
Sand also highlighted that while these operations net millions, law enforcement often focuses on isolated incidents rather than the broader schemes. He suggested that tech companies and financial institutions bear significant responsibility for enabling these scams by not implementing more robust security measures against the use of stolen cards.
The scale of the new threat is substantial; Magic Mouse is already responsible for the theft of an estimated 650,000 credit cards per month. Internal communications from Darcula’s Telegram channel, uncovered by Mnemonic, revealed the operational setup, including payment terminals and racks of phones used for automated message sending. Scammers utilize stolen card details in mobile wallets for payment fraud and money laundering.
For consumers, the most effective defense remains vigilance. Ignoring suspicious or unsolicited text messages is the recommended course of action to avoid falling victim to these evolving digital threats. Findings from this investigation were set to be shared at the Def Con security conference in Las Vegas.



