After researchers unmasked a prolific SMS scammer, a new operation has emerged in its wake

Recent investigations have unveiled a significant SMS scam operation that has been targeting individuals across the U.S. and beyond. Many people have likely encountered deceptive text messages claiming issues like unpaid tolls or undelivered mail. These scams, while simple in nature, have proven to be alarmingly effective. Victims receive messages that mimic legitimate notifications for services ranging from postal deliveries to local government updates. When unsuspecting recipients click on the links, they are directed to phishing sites where they unwittingly provide their credit card information, which is then exploited for fraudulent activities. Over a seven-month span in 2024, this operation amassed at least 884,000 stolen credit card details, leading to substantial financial losses for many individuals. The unraveling of this scam was made possible due to a series of operational security blunders that revealed the true identity of the scam's creator, known as Magic Cat, whose real name is Yucheng C., a 24-year-old from China. This information was disclosed by the Oslo-based security firm Mnemonic and supported by Norwegian media reports. Yucheng C. developed the Magic Cat software, enabling numerous clients to run their own SMS scam campaigns. However, shortly after his exposure, Yucheng ceased his operations, leaving many of his clients without support. In the void left by Magic Cat, a new operation named Magic Mouse has emerged, reportedly surpassing its predecessor in scope and effectiveness. Ahead of a presentation at the Def Con security conference in Las Vegas, Harrison Sand, an offensive security consultant from Mnemonic, noted that Magic Mouse has gained momentum since Magic Cat's decline, raising concerns about its capacity for widespread credit card theft. During their investigation, Mnemonic discovered images shared in a Telegram channel managed by Darcula, showcasing rows of credit card processing terminals and numerous phones being utilized to automate scam messages. The criminal enterprise exploits stolen credit card information via mobile wallets, facilitating payment fraud and laundering their ill-gotten gains. Sand revealed that Magic Mouse is currently responsible for the theft of around 650,000 credit cards each month. While Magic Mouse appears to be operated by a different group and not directly connected to Yucheng, its success is attributed to the appropriation of phishing kits previously used by Magic Cat. These kits feature numerous phishing sites that replicate the official pages of major tech companies and consumer services, designed to deceive victims into revealing their sensitive information. Despite the rampant growth of both Magic Cat and Magic Mouse and their ability to extract millions from unsuspecting consumers, Sand expressed concern over the lack of law enforcement attention towards the larger network behind these scams. He emphasized that tech companies and financial institutions share a significant responsibility for not implementing more stringent measures to combat the misuse of stolen credit cards. For anyone who receives a suspicious text, experts recommend ignoring such messages to avoid falling victim to these scams.