After reading a recent article in December headlined “Google sues another Chinese scam group over a large phishing scheme,” we decided to research the Chinese group. It turns out that millions of scam text messages have been sent to Americans, and the phishing platform behind them has become popular among cybercriminals. Google decided to take legal action to shut down the operation’s infrastructure, which is responsible for 80 percent of all phishing texts.
This cybercriminal group is known as Darcula; its operation involves fake text messages and fake websites. Many articles written about Darcula include a photo of “Dracula” the vampire. One such article, for example, is headlined “Darcula Bites…”, which requires the reader to take a second glance. Is the article about Dracula or Darcula? Dracula, the Transylvanian vampire, is known to bite the neck of unsuspecting victims. Darcula, the Chinese group, runs scam campaigns designed to take a bite out of your wallet.
Darcula is a subscription-based platform that has targeted users in over 100 countries. The group sells software that enables users to send phishing text messages en masse, impersonating organizations such as the IRS and the US Postal Service. Its signature program, called “Magic Cat,” provides an easy way to spam millions of phone numbers with links to fake websites. These messages direct victims to phishing websites hosted on over 20,000 domains that mimic legitimate websites. Scammers pay a monthly fee for access to Magic Cat, and it is reported that cybercriminals without advanced hacking skills can quickly spam millions of phone numbers with links to fake websites.
Instead of using ordinary SMS text messages to deliver phishing messages, this platform uses Apple’s iMessage and Google’s RCS (Rich Communication Services) protocol to reach targets. Because RCS and iMessage traffic is not inspected by carrier SMS firewalls and spam filters, using them lets scammers bypass those filters and reach more potential victims. The latest version of the software includes a tool that uses AI to create a fake version of almost any website within minutes. The following is an example of a fake website found on Google.
Peter Davis looked up his favorite pizza place (Crust Pizza) on Google and clicked on the first result, which happened to be a sponsored result (a paid placement by an advertiser). He logged into his Crust account (or so he thought), and the site told him that he had earned a free pizza for his loyalty. Mr. Davis proceeded to order two pizzas for about $25. At the moment he placed the order, his bank app notified him of a transaction to authorize. He quickly tapped the app to approve the transaction. Meanwhile, the payment processing wheel on the website kept spinning. The notification from the bank app showed a payment of $570.93, not $25, and not to Crust Pizza but to Soax LTD in London. The bank claimed Mr. Davis had authorized the transaction and would not refund his money. The scam website disappeared. The scammers had used the Soax LTD company in the UK to hide their IP address and location, which allowed them to evade detection. Mr. Davis was left with the lingering question: what is Google’s responsibility when it comes to fake website scams?
The Bottom Line: Google’s lawsuit is designed to give the company legal standing to seize the websites Darcula uses. Google estimates that Darcula stole nearly 900,000 credit card numbers, and Google received more than 5,000 complaints about scam text messages from September to November alone. Google’s legal complaint names Yucheng Chang as the leader of the group. It also accuses 24 other defendants who are unnamed because Google does not know their identities. Chang resides in China, while other group members could live in other countries.
We remind our readers that phishing messages often try to instill a sense of urgency, prompting you to take immediate action. When ordering online, be suspicious of sponsored ads. Be suspicious of any text message that contains an “undeliverable package” notification. Next month we will discuss ways to detect a fake website.
Two Techs – your locally owned computer support company. Find us on the web at www.twotechs.com, email us at support@twotechs.com, or call 352-200-2365. USF, MIS, MCP, A+, Network+ & CISSP. (References used: Tom’s Guide, Forbes, BleepingComputer, ABC News)
