If you, like practically anyone else with a cell phone in the U.S. and beyond, have received a scam text message about an unpaid toll or undelivered mail item, there’s a good chance you have been targeted by a prolific scamming operation. The scam isn’t particularly complex, but it has been highly effective. By sending spam text messages that look like genuine notifications for popular services—from postal deliveries to local government programs—unsuspecting victims click a link that loads a phishing page. Once they enter their credit card details, that information is stolen and used for fraud.
During a seven-month period in 2024, the scam netted at least 884,000 stolen credit card details, allowing scammers to cash in on their victims’ accounts. Some victims lost thousands of dollars, according to researchers.
A series of operational security mistakes eventually led security researchers and investigative journalists to uncover the real-world identity of the creator behind the scamming software, Magic Cat. The individual, known by the handle Darcula, was identified as a 24-year-old Chinese national named Yucheng C.
Researchers say Yucheng C. developed Magic Cat for hundreds of customers, who used the software to launch their own SMS text message scam campaigns. Soon after his identity was revealed, Darcula went dark, and his scam operation stopped receiving updates, leaving his customers without support. However, a new operation quickly emerged, surpassing its predecessor in scale.
Security experts are now raising alarms about the new fraud operation, Magic Mouse, which rose from the ashes of Magic Cat. Harrison Sand, an offensive security consultant at Mnemonic, warned that Magic Mouse has surged in popularity since Magic Cat’s downfall. Sand also highlighted the operation’s growing ability to steal credit card information on a massive scale.
During their investigation, Mnemonic found photos from inside the operation posted in a Telegram channel administered by Darcula. These images showed rows of credit card payment terminals and racks of phones used to automate scam messages. The scammers loaded stolen card details into mobile wallets on these phones, conducting payment fraud and laundering funds into other bank accounts. Some phones had mobile wallets filled with stolen cards, ready for fraudulent transactions.
Sand revealed that Magic Mouse is already responsible for stealing at least 650,000 credit cards per month. While evidence suggests Magic Mouse is an entirely new operation, likely unrelated to Darcula, much of its success comes from reusing the phishing kits that made Magic Cat so effective. These kits contain hundreds of fake websites designed to mimic legitimate pages from major tech companies, consumer services, and delivery firms—all crafted to trick victims into handing over their credit card details.
Despite the scale of Magic Cat and Magic Mouse, which have stolen millions from consumers, Sand noted that law enforcement has not pursued the broader operations behind these schemes. Instead, he pointed to tech companies and financial institutions as bearing much of the responsibility for allowing these scams to thrive by not making it harder for scammers to use stolen cards.
For anyone who receives a suspicious text, the best course of action is to ignore it. Unwanted messages should be deleted without clicking any links or responding.