Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Google
Government & Policy
Hardware
Instagram
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Staff
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
If you, like practically anyone else with a cell phone in the U.S. and beyond, have received a scam text message about an unpaid toll or undelivered mail item, there’s a good chance you have been targeted by a prolific scamming operation.
The scam isn’t particularly complex, but it has been highly effective. By sending spam text messages that look like genuine notifications for popular services, from postal deliveries to local government programs, unsuspecting victims click a link that loads a phishing page, they enter their credit card details, and that information is swiped and used for fraud.
During a period of seven months in 2024, the scam netted at least 884,000 stolen credit card details, allowing scammers to cash in on their victims’ accounts. Some victims lost thousands of dollars in the scam, researchers say.
But a series of opsec mistakes ultimately led security researchers and investigative journalists to the real-world identity of the maker of the scamming software, Magic Cat, who researchers say goes by the handle Darcula.
As revealed by the Oslo-headquartered security firm Mnemonic and reported in tandem by Norwegian media earlier this year, behind the fluffy cute cat in Darcula’s profile photos is a 24-year-old Chinese national named Yucheng C.
The researchers say Yucheng C. develops Magic Cat for his hundreds of customers, who use the software to launch their own SMS text message scam campaigns at their victims.
Soon after he was unmasked, Darcula went dark and his scam operation has not seen any updates since, leaving his customers in the lurch. But in its wake, a new operation has emerged and is already vastly outpacing its predecessor.
Researchers are now sounding the alarm on the new fraud operation, Magic Mouse, which rose from the ashes of Magic Cat.
Ahead of sharing new findings at the Def Con security conference in Las Vegas on Friday, Harrison Sand, an offensive security consultant at Mnemonic, told TechCrunch that Magic Mouse has been surging in popularity since the demise of Darcula’s Magic Cat.
Sand also warned of the operation’s growing ability to steal people’s credit cards on a massive scale.
During their investigation, Mnemonic found photos from inside the operation posted in a Telegram channel that Darcula administered, showing a line-up of credit card payment terminals and videos showing racks with dozens of phones used for automating the sending of messages to victims.
The scammers use the card details in mobile wallets on phones and conduct payment fraud, laundering their funds into other bank accounts. Some of the phones had mobile wallets overflowing with other people’s stolen cards, ready to be used for mobile transactions.
Sand told TechCrunch that Magic Mouse is already responsible for the theft of at least 650,000 credit cards a month.
While evidence suggests Magic Mouse is an entirely new operation, coded by new developers and likely unrelated to Darcula, much of Magic Mouse’s success stems from the new operators stealing the phishing kits that made its predecessor’s software so popular. Sand said these kits contain hundreds of phishing sites that Magic Cat used to mimic the legitimate web pages of major tech giants, popular consumer services, and delivery firms, all designed to trick victims into handing over their credit card details.
But despite the prolific nature of Magic Cat and, now, Magic Mouse, and their ability to net millions of dollars in stolen funds from consumers, Sand told TechCrunch in a call that law enforcement is not looking beyond a few scattered reports of fraud or at the wider operation behind the scheme.
Instead, Sand said, it is the tech companies and financial giants who shoulder much of the responsibility for allowing these scams to exist and thrive, and for not making it more difficult for scammers to use stolen cards.
As for anyone who receives a suspicious text, ignoring an unwanted message might be the best policy.
Topics
Zack Whittaker is the security editor at TechCrunch. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at [email protected].
Put your brand in front of 10,000+ tech and VC leaders across all three days of Disrupt 2025. Amplify your reach, spark real connections, and lead the innovation charge. Secure your exhibit space before your competitor does.
Sam Altman addresses ‘bumpy’ GPT-5 rollout, bringing 4o back, and the ‘chart crime’
Key sections of the US Constitution deleted from government’s website
Instagram takes on Snapchat with new ‘Instagram Map’
Google says hackers stole its customers’ data by breaching its Salesforce database
Three weeks after acquiring Windsurf, Cognition offers staff the exit door
Spotify raises subscription prices
© 2025 TechCrunch Media LLC.