New SMS Scam Emerges After Prolific Scammer Unmasked

The Rise of SMS Scams and the Emergence of "Magic Mouse"
A significant number of mobile phone users in the United States, and globally, have likely encountered fraudulent text messages concerning unpaid tolls or undelivered packages. These messages are often part of a widespread and remarkably successful scamming network.
How the Scam Operates
The scheme itself isn’t overly complicated, yet it has proven highly effective. Scammers dispatch mass text messages designed to resemble legitimate notifications from well-known services. These can include alerts related to postal deliveries or government programs.
Unsuspecting individuals who click on the embedded link are directed to a phishing webpage. There, they are prompted to enter their credit card information, which is then stolen and exploited for fraudulent purposes.
Researchers estimate that, over a seven-month period in 2024, this scam resulted in the theft of at least 884,000 credit card details. Victims have reportedly lost substantial sums of money, with some experiencing losses in the thousands of dollars.
Unmasking "Darcula" and the "Magic Cat" Software
A series of operational security lapses eventually allowed security researchers and investigative journalists to identify the individual behind the scamming software known as Magic Cat. This person, identified as Yucheng C., a 24-year-old Chinese national, operates under the online alias "Darcula."
Investigations revealed that Yucheng C. developed Magic Cat and provided it to hundreds of customers. These customers then utilized the software to launch their own SMS text message scam campaigns.
Following his exposure, Darcula ceased activity, and updates to the Magic Cat operation stopped. However, a new operation quickly emerged to fill the void.
The Emergence of "Magic Mouse"
Security experts are now raising concerns about a new fraud operation, dubbed Magic Mouse, which has risen from the remnants of Magic Cat.
Harrison Sand, an offensive security consultant at Mnemonic, shared with TechCrunch that Magic Mouse has experienced rapid growth in popularity since the shutdown of Darcula’s operation. This information will be presented at the Def Con security conference in Las Vegas.
Sand also highlighted the operation’s increasing capacity to steal credit card information on a large scale.
Inside the Operation
During their investigation, Mnemonic discovered photographs from within the operation posted on a Telegram channel managed by Darcula. The posts showed rows of credit card payment terminals, along with videos of racks of phones used to automate message delivery to potential victims.
The scammers utilize stolen card details within mobile wallets on these phones to conduct fraudulent payments, subsequently transferring the funds to other bank accounts. Some phones were found to contain numerous stolen cards, prepared for mobile transactions.
Currently, Magic Mouse is estimated to be responsible for the theft of at least 650,000 credit cards each month.
Similar Tactics, New Operators
Although evidence suggests Magic Mouse is a distinct operation, developed by new individuals and likely unconnected to Darcula, its success is largely attributed to the new operators acquiring the phishing kits that contributed to the popularity of Magic Cat.
These kits contain hundreds of phishing websites designed to mimic legitimate pages belonging to major technology companies, popular consumer services, and delivery firms, all with the intent of deceiving victims into revealing their credit card details.
Lack of Law Enforcement Response
Despite the significant financial losses incurred by consumers due to Magic Cat and now Magic Mouse, Sand expressed concern that law enforcement agencies are not adequately addressing the broader operation, focusing instead on isolated fraud reports.
He believes that technology companies and financial institutions bear a substantial responsibility for allowing these scams to persist and for failing to implement more robust measures to prevent the use of stolen cards.
Protecting Yourself
The most effective defense against these scams is to simply ignore any suspicious text messages you receive.
