SMS Scam Rings Evolve into Magic Mouse Fraud Operation
Researchers unmasked a global SMS phishing network run by 'Darcula', operator of Magic Cat, which stole over 884,000 credit cards in seven months. After his disappearance, a new operation, Magic Mouse, has surged, netting 650,000 stolen cards monthly. Security experts warn that lax oversight and recycled phishing kits fuel this sophisticated mobile fraud epidemic.
A sprawling SMS phishing operation has targeted millions of cell phone users with fake toll notices and undelivered mail alerts. Victims click a link, enter credit card details on a convincing phishing page, and lose funds. From January to July 2024, Magic Cat netted at least 884,000 stolen cards, until security researchers tracked the developer behind the scenes.
Unmasking Magic Cat
Oslo-based firm Mnemonic and Norwegian media identified “Darcula,” the handle of a 24-year-old Chinese national named Yucheng C. He built Magic Cat, sold to hundreds of customers who launched SMS scams on unsuspecting targets. Despite his disappearance, his software laid the groundwork for a far larger network.
Magic Mouse Takes Over
Soon after Magic Cat went dark, a new ring—Magic Mouse—surfaced. Already responsible for stealing at least 650,000 credit cards per month, this operation reuses the same phishing kits to mimic major tech firms, delivery services, and local governments, tricking victims into handing over sensitive data.
Inside the Scam Infrastructure
- Images from Darcula’s Telegram channel showed rows of credit card terminals ready for payment fraud
- Videos revealed racks of dozens of phones used to automate mass SMS distribution
- Phishing kits contain hundreds of cloned pages of popular services to harvest card details
Scammers store stolen cards in mobile wallets across multiple devices and launder funds through other bank accounts. Unlike Magic Cat’s seven-month run, Magic Mouse shows no signs of slowing, amplifying the scale and speed of mobile fraud.
Why It Matters
Law enforcement efforts remain scattered, focusing on individual reports rather than the entire network. Meanwhile, tech companies and financial institutions struggle to block stolen cards and phishing domains quickly. Organizations must adopt proactive measures to combat these mobile-first scams.
Guarding Against SMS Scams
- Verify messages: Confirm sender identity before clicking links, even if messages appear urgent
- Deploy dynamic link scanning in your mobile security stack to flag phishing domains in real time
- Monitor mobile wallet transactions for unusual volume and cross-device patterns that indicate card cloning
As Magic Mouse scales its stolen card haul, organizations need intelligence-driven defenses. Combining pattern analysis with real-time threat mapping can help security teams cut off phishing campaigns before they inflict major losses.
Keep Reading
View AllBest VPNs for Streaming NFL Games This Season
Discover top VPNs like ExpressVPN, Surfshark & NordVPN to stream NFL games anywhere securely and smoothly. Compare speeds, privacy & pricing.
Anthropic Adds AI-Powered Code Security Reviews
Anthropic's new Claude Code features scan code for vulnerabilities, offer fixes via terminal commands and GitHub Actions for rapid AI-assisted development security.
Black Hat 2025 Spotlights Agentic AI Redefining Cyber Defense
At Black Hat 2025, security teams showcased agentic AI that delivers real metrics, cuts investigation times, and boosts threat detection against AI-powered intrusions.
AI Tools Built for Agencies That Move Fast.
QuarkyByte’s threat intelligence platform can map emerging SMS phishing campaigns like Magic Mouse in real time. Use our fraud pattern analytics to flag malicious links and monitor operator infrastructure before it harms your network. Strengthen mobile defenses with actionable insights.