Security News > 2024 > March > Attackers leverage weaponized iMessages, new phishing-as-a-service platform

Those quirky choices aside, the platform is a serious threat: it allows criminals that are not that tech savvy to automate many of the steps needed to launch a phishing campaign, thus lowering the barrier to entry in the world of cybercrime.

Its use of JavaScript, React, Docker, and Harbor Its capability to update phishing sites with new features and anti-detection measures without having to remove and re-install the phishing kit.

"The Darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating United States Postal Service highlighted in numerous posts on ," the researchers noted.

Previous research by automation engineer Oshri Kalfon, who managed to access the administration panel of one of the phishing pages set up via Darcula, revealed that many targets get fooled into entering their information, as well as the many phishing page templates phishers can choose from.

The domains hosting the phishing pages are usually not compromised, but purposefully registered and named so that they resemble the relevant brand name, to complete the illusion.

The advice that's usually given out to consumers on how to avoid SMS-based phishing holds true: be careful when evaluating whether you'll click on links sent via unsolicited messages or by unknown senders.

News URL

https://www.helpnetsecurity.com/2024/03/27/phishing-imessages-google-messages/