Oshri Kalfon, an Israeli researcher, uncovered Darcula, a leading phishing-as-a-service platform.

Darcula has created 20,000 phishing domains and operates in over 100 countries, targeting both Android and iPhone users.

The service offers more than 200 templates to mimic legitimate brands and employs advanced technologies for updates.

Unlike traditional phishing schemes, Darcula uses RCS and iMessage, complicating efforts to intercept and block phishing messages.

Despite its widespread operation, Darcula encounters restrictions from tech giants like Apple and Google.

An average of 120 new Darcula phishing domains have been detected daily by Netcraft since the beginning of 2024.

The platform mainly focuses on postal services and targets Chinese-language speaking cybercriminals.

Consumers are urged to be cautious of unexpected messages with URLs and to watch for errors or suspiciously enticing offers to avoid Darcula scams.