06-05-2025
884,000 Credit Cards Stolen With 13 Million Clicks By A Magic Cat
Darcula steals 884,000 credit cards — here's how. getty
Two threats have been dominating cybersecurity news headlines recently: phishing and 2FA-bypass attacks. The former is often a precursor to the latter, of course. But what if there were a campaign that combined the two in one deadly attack? Welcome to the distinctly dangerous world of Darcula and the Magic Cat, which has proven that nearly 900,000 credit cards can be stolen with enough clicks if you do. Forbes Confirmed — 19 Billion Compromised Passwords Published Online By Davey Winder
According to cybersecurity researchers Harrison Sand and Erlend Leiknes, working with Mnemonic, cybercriminals with the Darcula group have been using custom-made malware called Magic Cat to target consumers, mainly in North America and Europe, and steal credit card data. The Mnemonic report, took a deep technical dive into the SMS text message phishing-as-a-service attacks executed by the Darcula group since December 2023. An investigation into the mastermind behind the Magic Cat attacks revealed a phishing operation with victims spanning 32 countries, involving 13 million clicks, and ending up with a not-so-shabby payload of some 884,000 stolen credit cards. I advise you read both to get a full understanding of the threat and the dangerous criminals behind it.
Having successfully created some code that enabled them to read the messages that the attackers were seeing, the security researchers said they were shocked at what this was. 'Flying by our screen was a stream of names, addresses, and credit cards, a real-time feed of hundreds of victims being phished.' Eventually, the researchers were able to access the Telegram group used by Darcula members and download the Magic Cat malware itself.
It turned out to be rather easy to get the software configured. 'All we had to do was copy and paste that one simple command,' Sand and Leiknes said, 'and the phishing software was basically ready to go.'Once, that is, they had hacked their way into activating the unlicensed copy they now had. It is this ease of use that attracts so many attackers to such phishing kits, but it's not what concerns some security experts the most about Magic Cat. Forbes Google Says Critical Android 'No User Interaction' Attacks Underway By Davey Winder
Javvad Malik, the lead security awareness advocate at KnowBe4, acknowledged the sophistication and scale of the credit card phishing cyberattacks, but said that 'what is particularly alarming is Darcula's ability to circumvent multi-factor authentication through real-time session hijacking.' Addressing this 2FA cookie-stealing threat, Malik said, requires a coordinated response from the financial institution, cybersecurity firm and law enforcement agencies triad. The Darcula campaign and Magic cat malware, Malik concluded, 'serves as a reminder that constant vigilance and adaptive security measures are essential.'
