A new Chinese-language phishing-as-a-service (PhaaS) platform named

‘Darcula’ phishing platform targets postal organizations worldwide

submited by
Style Pass
2024-03-28 20:30:05

A new Chinese-language phishing-as-a-service (PhaaS) platform named "darcula" has been targeting postal organizations in more than 100 countries, including the United States Postal Service (USPS).

Netcraft researchers said in a March 27 post that the attacks use more than 20,000 phishing domains to trick victims into entering credentials and other sensitive information in the belief they are interacting with legitimate postal organizations.  

The researchers said the “darcula” platform has been used for numerous high-profile phishing attacks over the last year, including messages received on Apple and Android devices in the United Kingdom, as well as package scams impersonating USPS in the United States. There have also been many attacks across the Middle East.   

“We found ‘darcula’ to be the most pervasive worldwide package scam operation we have seen,” said Robert Duncan, vice president of product strategy at Netcraft. “Other operations we have seen recently have been of a much smaller scale and more geographically targeted. For example, Frappo/LabHost focused more on North American and multinational brands.”

Leave a Comment