Skip to main content
News Directory 3
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Menu
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Wrong DHL Messages: Who's Behind It - News Directory 3

Wrong DHL Messages: Who’s Behind It

May 4, 2025 Catherine Williams News
News Context
At a glance
  • An international network⁣ of online fraudsters is using refined techniques to steal credit card data from unsuspecting ⁣victims.
  • Operating from⁣ Asia, the fraud ring is orchestrated by a figure known as "Darcula," a name inspired by the vampire legend.
  • An inquiry pieced⁢ together the⁣ scheme using a database containing information on hundreds of thousands of victims,⁣ a copy of the fraud software, and over ⁤40,000 messages from...
Original source: br.de

Global ⁣Phishing Ring ⁤Exposed: “Darcula” and the “Magic Cat” ‍Software

Table of Contents

  • Global ⁣Phishing Ring ⁤Exposed: “Darcula” and the “Magic Cat” ‍Software
    • The Mastermind: “Darcula”
    • “Magic⁢ Cat”⁣ Software: Website Imitation
    • The Developer: Yucheng C.
    • “Darcula”: A⁢ Prolific Player
    • Scale⁣ of the Theft
    • A Perpetrator’s Bragging⁤ and Disappearance
    • Lack of Federal Investigation
    • Unmasking “Darcula”: Your Guide to the Global ⁣Phishing Ring and “Magic Cat” ‍Software
      • What is ⁤the ‍”Darcula” Phishing Ring?
      • How the “Darcula” Phishing⁤ Scheme Works
      • Who is Involved?
      • The Scope and Impact
      • Protect Yourself
      • Conclusion

An international network⁣ of online fraudsters is using refined techniques to steal credit card data from unsuspecting ⁣victims. These criminals frequently enough flaunt their ill-gotten gains on social media, showcasing designer clothes, luxury cars, and exclusive⁢ club ⁢appearances. ⁤investigations have identified key players in one of the world’s‍ largest phishing operations, which is believed to be responsible for tens of thousands of fraudulent incidents in⁢ Germany alone.

The Mastermind: “Darcula”

Operating from⁣ Asia, the fraud ring is orchestrated by a figure known as “Darcula,” a name inspired by the vampire legend. This individual ⁢is responsible for ⁢sending millions of deceptive text messages to smartphones worldwide. These messages frequently enough mimic delivery notifications, ⁤such as: “The DHL package has arrived in the warehouse and cannot be delivered due to incomplete address facts. please confirm your address in the link within 12 hours.” ⁣Victims ⁤who click the‍ link are then led into‍ a trap‍ designed ⁢to steal their personal and financial information.

An inquiry pieced⁢ together the⁣ scheme using a database containing information on hundreds of thousands of victims,⁣ a copy of the fraud software, and over ⁤40,000 messages from internal chat ⁢groups.‍ The data was provided to news outlets by Mnemonic, a norwegian cybersecurity firm.The⁤ investigation revealed the global reach of the fraud.

“Magic⁢ Cat”⁣ Software: Website Imitation

The fraud software, ‍dubbed “Magic Cat,”‍ allows criminals to create convincing imitations of‍ websites from over 130 countries ⁣with ease.⁢ These⁤ fake websites⁢ often impersonate postal and parcel services like DHL, but also include electricity providers‍ and government agencies. ⁢The investigation found ⁢that German victims are frequently targeted⁣ through fake‍ DHL websites.

The software alerts the perpetrators when a⁣ user accesses a fake page.A computer ⁤voice in Chinese announces, ‍”A ⁢user‍ has successfully called up the website.” The criminals can then monitor the victim’s data entry in real-time, even capturing information ⁤that the ‍user attempts⁣ to delete.

The Developer: Yucheng C.

“Darcula” is believed to be the developer of “Magic Cat.” While maintaining a ⁢low‍ profile, research indicates that a 24-year-old Chinese national named Yucheng C. is likely behind the software. A photo of his identification card shows a young⁢ man from the Henan province in⁢ central China. His current location is unknown.

The investigation has not found evidence that Yucheng ⁣C. directly steals credit card information.⁣ Rather, he appears to rent the “Magic Cat” software to other criminals for several hundred dollars per week. “Darcula” also⁢ managed a central chat group where fraudsters connected, shared tips, and even offered courses on effective cheating⁣ methods.

“Darcula”: A⁢ Prolific Player

Ford Merrill, an IT expert⁣ who advises security ‍authorities, described “Darcula” as⁢ “remarkably successful,” estimating that‍ 70 to 80 percent of phishing websites utilize his ⁣software. Merrill considers “Darcula” to be one of the most productive actors⁢ in the phishing landscape.

After being contacted by⁤ reporters, an individual claiming to⁢ work with Yucheng C. stated that the software was intended only for website creation, not for credit ⁣card fraud. However, Harrison Sand of Mnemonic disputes this claim, stating, “According to our observations, we see no ⁢possibility of how this software coudl⁤ have been used for legitimate purposes.”

Scale⁣ of the Theft

The database examined covered ⁣fraud victims from late 2023 to⁢ the summer of 2024. It revealed that nearly 900,000 individuals worldwide disclosed their credit ‍card information during ⁣this period.

In Germany, ⁣approximately 20,000 people entered their ‍credit card numbers on fake websites, and about 4,000 also provided their bank‍ verification codes. These codes allow fraudsters to add the stolen cards to digital‍ wallets like Apple⁢ Pay and Google Pay.

Photos from chat groups suggest that perpetrators are adding stolen credit‍ cards‍ to digital wallets.⁣ These cards can then be used for purchases without⁤ a PIN, allowing the criminals to repeatedly defraud⁤ their victims.

Interviews with over 100⁣ affected ⁣individuals in Germany confirmed that they⁣ had lost money due to the fraud. Internal⁢ chat logs also revealed that some perpetrators use their own payment terminals to process fraudulent transactions from home. Others posted photos of receipts from luxury stores on social media.

A Perpetrator’s Bragging⁤ and Disappearance

Investigators identified a key player in the “darcula” network ‍known as X667788x,⁣ who ⁤allegedly defrauded thousands using “Magic Cat.” This individual also taught others how to cheat⁣ effectively, sold the software, and offered ⁣text messaging services.He frequently boasted about ⁤his fraudulent ⁢earnings.

The investigation revealed ⁣that X667788x is a young man known as “crisis” from Xi’an, China. He operated from Bangkok, Thailand, for several months, posting⁤ photos from expensive⁤ restaurants and with luxury cars on social⁣ media. He has as returned‍ to China. After inquiries were made, he deleted posts showing his face.

In a ⁢chat with⁤ reporters, the⁢ individual behind X667788x denied being “crisis,” stating,⁣ “I’m X66, but all information you have found are wrong.” He then deleted his remaining Instagram posts.

Lack of Federal Investigation

Despite the large number of victims in Germany,⁢ the Federal⁤ Criminal Police Office (BKA) ‍is not currently investigating the “Darcula” and “Magic Cat” network.The BKA ⁢stated that⁣ it has been aware of the “Darcula group” as October 2024 and is continuously monitoring⁢ them⁢ for assessment purposes. The agency cited international cooperation challenges as an obstacle to investigations.

DHL declined to comment on ⁣cybersecurity matters.

Unmasking “Darcula”: Your Guide to the Global ⁣Phishing Ring and “Magic Cat” ‍Software

Welcome to a deep dive into a complex global phishing operation that’s been hitting smartphones worldwide. We’ll explore ‍the key players,how they operate,and how you can better protect yourself. I’ll break down this⁣ complex topic in a question-and-answer format for clarity and easy understanding.

What is ⁤the ‍”Darcula” Phishing Ring?

Q: What exactly ⁤is the “Darcula” phishing ring?

A: ‍ The “Darcula” phishing ring is a sophisticated international network of ⁢online fraudsters responsible for stealing credit card data from unsuspecting victims worldwide.‍ The ring is believed to be responsible for tens of thousands of fraudulent incidents, particularly in Germany. The operation⁢ is masterminded⁣ by an individual known as “Darcula,” inspired by the vampire legend.

How the “Darcula” Phishing⁤ Scheme Works

Q: How ⁣do thes ‍fraudsters actually ⁤trick peopel?

A: The primary method used by‍ the “Darcula” ⁢ring is through‍ deceptive⁣ text messages, frequently⁢ enough mimicking official delivery notifications (e.g., from⁤ DHL, UPS, etc.).These messages typically claim there’s a problem with a package‍ delivery and urge the recipient to⁤ click a link to “resolve” the issue. This ⁢link leads victims to fake websites designed to steal their personal and financial facts.

Q: What happens when someone clicks on the fraudulent⁣ link?

A: Clicking the link takes victims ⁤to a⁣ convincing imitation of a legitimate website used by popular services, such as postal companies⁢ or even ⁢electricity providers.The⁢ goal is to trick victims into entering their personal and financial information, including credit card numbers and bank verification codes.

Q: What kind of information are‍ these scammers after?

A: The primary target is your credit card information, including the card number, expiration date,⁤ and the security code. Some scams also try to obtain your bank verification codes, allowing them to ⁤add stolen cards to digital wallets like Apple⁢ Pay and google pay.

Q: What is the⁣ “Magic Cat” software, and how does it contribute to the fraud?

A: “Magic Cat” is the sophisticated fraud software used by the ⁢”Darcula” ring, developed to‍ make it simple for any crook to create convincing imitations of websites from over ‍130 countries including postal⁤ and delivery services, electricity⁢ providers, government agencies and many others. This is what helps the fraudsters create convincing websites, like the DHL-related sites that the fraudsters used to target German victims.

Q: Can the ⁤scammers see what individuals⁢ type in real time?

A: Yes, “Magic Cat” allows the ‍perpetrators to monitor the victim’s data‍ entry ⁢in real-time, even capturing information that the user attempts to delete.

Who is Involved?

Q: ⁢Who⁣ is the mastermind behind this operation, “Darcula”?

A: “Darcula” is the alias⁤ for the developer of the “Magic Cat” software and the orchestrator of the phishing ring.The perpetrator, known as ⁣Yucheng C., a 24-year-old Chinese national from the Henan⁤ province, is highly likely behind the ‍software, but his current location is unknown.

Q: How ⁢is the fraudulent software distributed?

A: ⁣”Darcula” appears⁣ to rent the “Magic cat” software to other criminals for several hundred dollars per week. He also managed a central chat group where fraudsters connected, shared tips, and even offered courses on effective cheating methods.

Q: What other key players have been identified?

A: One key⁤ player identified in the network is known as X667788x (alias⁢ “crisis”). This individual allegedly defrauded thousands using “Magic Cat,” taught others how to cheat, and offered text messaging ⁤services. He operated from Bangkok, Thailand, for several months before returning to China.

Q: It⁢ appears that more and more criminals are involved ⁤in‍ online fraud operations. What measures are in ⁢place to combat the scale of these crimes?

A: The Federal ‍Criminal Police Office (BKA) is monitoring the Darcula group but⁢ has stated that challenges exist to international cooperation.

The Scope and Impact

Q: ‍How widespread is the “Darcula” phishing scheme?

A: The scheme ⁤has a global reach,‍ with⁢ victims worldwide. The investigation revealed that,⁣ covering late 2023 to the summer of⁤ 2024, nearly 900,000 individuals worldwide disclosed their credit card information during this ‍period.

Q: ‍How many people in Germany ⁢specifically have ⁣been affected?

A: Approximately 20,000 people ⁤in Germany entered⁤ their credit card numbers on fake websites operated ⁤by⁣ the “Darcula” ring, and about 4,000 ‍also provided their bank verification codes.

Q: What ⁣are the financial consequences for victims?

A: Victims experience direct financial losses when their credit card details are stolen and used for fraudulent purchases. Internal chat logs revealed ‍perpetrators using their payment terminals to ⁢process fraudulent transactions from home, with some boasting about their gains on ‍social media.

Q: ⁤Were the stolen credit cards used in digital wallets?

A: Yes, photos from chat ⁣groups suggest that the perpetrators were adding stolen credit cards to digital wallets like Apple Pay ‍and google Pay.

Protect Yourself

Q: How can I protect myself from these phishing scams?

A: Be vigilant and Exercise Caution:

Verify Links: Always hover over links in emails or texts before clicking them. ⁣Make sure the actual URL matches the sender’s website.

Check Official Websites: If you receive a suspicious message, go directly to the official website of‍ the company or service mentioned (e.g., DHL, your bank) to verify the information.

Secure Your Devices: Keep your⁣ operating system and security⁤ software up-to-date.

Use Strong Passwords: Create complex and unique passwords for ⁤all your online ‍accounts.

Monitor Your Accounts⁤ Regularly: ⁤Check your bank ⁣and credit card statements ⁢frequently for any unauthorized⁤ transactions.

Be Wary of Urgent Requests: Phishing⁢ scams often create a sense of urgency to pressure you into acting quickly.Don’t fall for it.

Q: What should I do if ⁣I suspect ⁢I’ve been targeted ‍by a phishing scam?

A: If you think you’ve been phished:

Contact⁢ Your Bank Instantly: Report any unauthorized transactions and‍ the⁣ theft of your credit⁢ card information to⁣ your bank and credit card providers as soon ‍as possible.

Change Your Passwords: ‍Change the passwords for all your online accounts, especially those that may have been compromised.

Report the Scam: Report the phishing attempt‍ to the Federal Trade Commission (FTC) in the US, your local consumer protection agency, or the relevant authorities in your country.

Consider ⁣Credit Monitoring: Enroll in a credit monitoring service to track your ⁣credit report for any suspicious activity and prevent identity⁤ theft.

Conclusion

The⁤ “Darcula” phishing ring is a stark reminder of the ongoing threat of online fraud. ⁤By understanding the tactics used by these criminals and following the protective⁢ measures outlined above, you can substantially reduce your risk⁤ of becoming a victim. Stay‍ vigilant, stay informed, and‍ protect your personal and financial information.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

Federal Criminal Police Office, Phishing, Round show, Smishing, SMS-Phishing

Search:

News Directory 3

News Directory 3 catalogs US newspapers, news services, newsstands and digital news outlets across all 50 states. Browse local publishers by city, state, or topic, and follow current headlines linked back to their original sources.

Quick Links

  • Disclaimer
  • Terms and Conditions
  • About Us
  • Advertising Policy
  • Contact Us
  • Cookie Policy
  • Editorial Guidelines
  • Privacy Policy

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

© 2026 News Directory 3. All rights reserved.
For contact, advertising, copyright, issues email: office@newsdirectory3.com