Security researchers have uncovered one of the biggest credit card theft operations in recent history. The campaign, which is known as “Darcula,” is thought to have resulted in the compromise of 884,000 credit card details. Beginning in late 2024, it targeted consumers across 32 countries, with the highest concentration of victims residing in the US and Europe.
Analysts at Mnemonic first identified the campaign in February. As a sophisticated “Phishing as a Service” platform, “Darcula” leverages advanced infrastructure and a subscription-based model to allow budding cybercriminals to carry out wide-ranging attacks. The experts estimate that “Darcula” could have incurred as much as $150 million in financial damage.
The business world is mired in cybersecurity peril, with numerous studies revealing that most companies are ill-prepared to deal with the current threat landscape. With the ongoing development of AI, a bad situation could soon get far worse.
Massive “Darcula” Phishing Operation Revealed by Cybersecurity Researchers
One of the biggest credit card theft operations for years has been uncovered. It’s estimated that the so-called “Darcula” campaign has led to the seizure of 884,000 credit card details, as well as generating over 13 million clicks from around the world.
The operation began in late 2024. Since then, it has targeted consumers around the world, with most of its victims located in the US and Europe. Experts estimate that it has cost consumers and businesses in excess of $150 million in that period.
This just in! View
the top business tech deals for 2025 👨💻
Researchers at Mnemonic identified Darcula in February 2025. Examining a series of credit card thefts reported by various financial institutions, they managed to trace a pattern that spanned multiple countries. Primary servers were located in Eastern Europe and Southeast Asia.
Findings Point to Growing “Fraud as a Service” Market
“Darcula” is an example of a “Phishing as a Service” platform. By making sophisticated phishing tools readily available, these platforms enable unskilled cybercriminals to carry out attacks with ease. “Darcula” differs from traditional PaaS models in that it deploys advanced infrastructure and a subscription-based model.
Subscribers can access realistic replicas of different banking websites, e-commerce platforms, and payment portals. What’s more, “Darcula” uses real-time “session hijacking” to bypass multi-factor authentication (MFA), meaning that it is particularly difficult to combat.
“Darcula” is just one small part of the increasingly lucrative “Fraud as a Service” ecosystem. In 2023, Ravelin found that 56% of fraud analysts globally have reported that FaaS schemes have been used to target their organizations, signaling a massive surge in its popularity.
Action Needed to Avert Looming Cybersecurity Disaster
A cursory glance at the tech landscape reveals a sobering truth: the world is woefully underprepared for the current threat level. In April, a report from Trend Micro found that most businesses were failing in even their most basic cybersecurity duties, with 78% of successful breaches in the past quarter resulting from preventable vulnerabilities.
Our own “Impact of Technology on the Workplace” report posted some equally grim findings. Among them, we found that a shocking 98% of senior leaders are unable to identify all the signs of a phishing scam.
As AI innovation continues at a dizzying pace, things are only going to get worse. Increasingly, cybercriminals will deploy sophisticated attacks at scale, while new methods of deception will emerge. If the tech world is to avert looming crisis, a sea change in our collective cybersecurity approach is required.