Massive “Darcula” Credit Card Theft Operation Uncovered

"Darcula" is one of the biggest credit card theft operations in living memory – and the result of "Phishing as a Service."

Security researchers have uncovered one of the biggest credit card theft operations in recent history. The campaign, which is known as “Darcula,” is thought to have resulted in the compromise of 884,000 credit card details. Beginning in late 2024, it targeted consumers across 32 countries, with the highest concentration of victims residing in the US and Europe.

Analysts at Mnemonic first identified the campaign in February. As a sophisticated “Phishing as a Service” platform, “Darcula” leverages advanced infrastructure and a subscription-based model to allow budding cybercriminals to carry out wide-ranging attacks. The experts estimate that “Darcula” could have incurred as much as $150 million in financial damage.

The business world is mired in cybersecurity peril, with numerous studies revealing that most companies are ill-prepared to deal with the current threat landscape. With the ongoing development of AI, a bad situation could soon get far worse.

Massive “Darcula” Phishing Operation Revealed by Cybersecurity Researchers

One of the biggest credit card theft operations for years has been uncovered. It’s estimated that the so-called “Darcula” campaign has led to the seizure of 884,000 credit card details, as well as generating over 13 million clicks from around the world.

The operation began in late 2024. Since then, it has targeted consumers around the world, with most of its victims located in the US and Europe. Experts estimate that it has cost consumers and businesses in excess of $150 million in that period.

 

About Tech.co Video Thumbnail Showing Lead Writer Conor Cawley Smiling Next to Tech.co LogoThis just in! View
the top business tech deals for 2025 👨‍💻
See the list button

Researchers at Mnemonic identified Darcula in February 2025. Examining a series of credit card thefts reported by various financial institutions, they managed to trace a pattern that spanned multiple countries. Primary servers were located in Eastern Europe and Southeast Asia.

Findings Point to Growing “Fraud as a Service” Market

“Darcula” is an example of a “Phishing as a Service” platform. By making sophisticated phishing tools readily available, these platforms enable unskilled cybercriminals to carry out attacks with ease. “Darcula” differs from traditional PaaS models in that it deploys advanced infrastructure and a subscription-based model.

Subscribers can access realistic replicas of different banking websites, e-commerce platforms, and payment portals. What’s more, “Darcula” uses real-time “session hijacking” to bypass multi-factor authentication (MFA), meaning that it is particularly difficult to combat.

“Darcula” is just one small part of the increasingly lucrative “Fraud as a Service” ecosystem. In 2023, Ravelin found that 56% of fraud analysts globally have reported that FaaS schemes have been used to target their organizations, signaling a massive surge in its popularity.

Action Needed to Avert Looming Cybersecurity Disaster

A cursory glance at the tech landscape reveals a sobering truth: the world is woefully underprepared for the current threat level. In April, a report from Trend Micro found that most businesses were failing in even their most basic cybersecurity duties, with 78% of successful breaches in the past quarter resulting from preventable vulnerabilities.

Our own “Impact of Technology on the Workplace” report posted some equally grim findings. Among them, we found that a shocking 98% of senior leaders are unable to identify all the signs of a phishing scam.

As AI innovation continues at a dizzying pace, things are only going to get worse. Increasingly, cybercriminals will deploy sophisticated attacks at scale, while new methods of deception will emerge. If the tech world is to avert looming crisis, a sea change in our collective cybersecurity approach is required.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Gus is a Senior Writer at Tech.co. Since completing his studies, he has pursued a career in fintech and technology writing which has involved writing reports on subjects including web3 and inclusive design. His work has featured extensively on 11:FS, The Fold Creative, and Morocco Bound Review. Outside of Tech.co, he has an avid interest in US politics and culture.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals