New SMS Scam ‘Magic Mouse’ Surges After Darcula Takedown – Ankor Tech

A sophisticated SMS phishing operation, dubbed “Magic Mouse,” has rapidly emerged to fill the void left by the collapse of the notorious “Magic Cat” scam network. Following the exposure of the original operator, this new threat is now compromising at least 650,000 credit cards every month, signaling a massive escalation in mobile-based financial fraud.

The Evolution from Magic Cat to Magic Mouse

For months, mobile users worldwide have been bombarded with fraudulent text messages masquerading as legitimate toll payment reminders or failed postal deliveries. These messages direct victims to phishing pages designed to harvest credit card information. Between early 2024 and the exposure of the operation, the original Magic Cat scheme successfully stole at least 884,000 credit card records.

The operation was traced back to a 24-year-old Chinese national, Yucheng C., who developed the “Magic Cat” phishing-as-a-service software. As detailed by security firm Mnemonic and Norwegian investigative reporting, operational security failures led researchers directly to the developer behind the handle “Darcula.”

How the New Operation Functions

While Magic Mouse appears to be an independent development by new actors, its success is built upon the infrastructure of its predecessor. The new operators have effectively hijacked the phishing kits previously used by Magic Cat. These kits contain hundreds of sophisticated templates that mimic the websites of major tech giants, delivery services, and government entities.

Internal evidence found in Telegram channels formerly administered by Darcula revealed the scale of the automation: racks of smartphones are used to blast thousands of messages, while payment terminals and mobile wallets are used to launder stolen funds immediately. Victims often lose thousands of dollars as scammers drain accounts via mobile transactions.

The Tech Industry’s Responsibility

Despite the staggering volume of financial theft, Harrison Sand, an offensive security consultant at Mnemonic, notes that law enforcement responses remain fragmented. Currently, authorities often treat these incidents as isolated reports rather than addressing the coordinated, global operation behind the scheme.

Sand argues that the burden of defense currently falls heavily on financial institutions and tech companies. He contends that these entities must implement more robust security measures to prevent scammers from easily utilizing stolen card data within mobile wallets and payment apps.

For the average consumer, the advice remains clear: any unexpected text message containing a link—regardless of how legitimate it appears—should be ignored and deleted immediately to avoid falling victim to these evolving phishing campaigns.