Exposed: The Rise and Fall of Magic Cat Scam Operation and the Emergence of Its Successor, Magic Mouse

A prolific scamming operation that has targeted thousands of individuals in the U.S. and beyond, using spam text messages designed to mimic legitimate notifications from popular services, has been traced back to a 24-year-old Chinese national named Yucheng C.
The operation, initially known as Magic Cat and now succeeded by Magic Mouse, has been highly effective in stealing credit card details from unsuspecting victims. By clicking on the links provided in these phishing texts, victims unknowingly load fraudulent pages where they enter their credit card information, which is then swiped and used for illegal activities.
Between January and July 2024, this scam operation managed to gather at least 884,000 stolen credit card details, enabling the perpetrators to gain unauthorized access to numerous accounts and steal thousands of dollars from their victims.
However, the real-world identity of the creator of Magic Cat, known online as Darcula, was eventually discovered by security researchers and investigative journalists. Behind the fluffy cat in Darcula’s profile photos lies Yucheng C., who reportedly develops and sells Magic Cat software to hundreds of customers who use it to launch their own SMS text message scam campaigns.
Following his unmasking, Darcula went dark, and his operation has since been inactive. Yet, in its wake, a new fraudulent operation has emerged, vastly outpacing its predecessor in both scale and efficiency.
Ahead of presenting new findings at the Def Con security conference in Las Vegas on Friday, Harrison Sand, an offensive security consultant at Mnemonic, reported that Magic Mouse has been rapidly gaining popularity since the demise of Darcula’s Magic Cat. Additionally, Sand warned of the operation’s growing ability to steal people’s credit cards on a massive scale.
During its investigation, Mnemonic discovered photos from inside the new operation posted in a Telegram channel, showing rows of credit card payment terminals, along with videos of racks filled with phones used to automate the sending of messages to victims. The scammers load the stolen credit card information into mobile wallets on these phones to conduct payment fraud and launder their funds into other accounts.
Magic Mouse is now responsible for the theft of at least 650,000 credit cards each month, according to Sand’s estimates. While evidence suggests Magic Mouse is an entirely new operation coded by different developers and likely unrelated to Darcula, much of its success stems from the new operators stealing phishing kits that contained hundreds of phishing sites used to mimic the legitimate web pages of major tech companies, popular consumer services, and delivery firms.
Despite the scale and profitability of these operations, law enforcement appears to be focusing on only scattered reports of fraud rather than investigating the wider operation behind the scam. Instead, it is the tech companies and financial giants that are primarily responsible for allowing these scams to persist and thrive by failing to make it more challenging for scammers to use stolen cards.
As a precaution, anyone who receives a suspicious or unwanted text message should consider simply ignoring it.