884,000 Card Details Stolen in Text Scams Across the US and Worldwide

Aug 11, 2025
Technology

Image: Mnemonic (Collected via Telegram)

Every day, phone users in the United States and globally receive scam messages claiming unpaid toll fees or undelivered mail items. These types of messages are part of a large-scale scam operation that steals users’ credit card information to embezzle money.

In just the first seven months of 2024, at least 884,000 card details have been stolen through this scam, causing many victims to suffer losses amounting to thousands of dollars. Although the scam is not very complex, it has been highly effective. Scammers send spam texts pretending to be popular services such as postal services or local government programs, directing victims to phishing pages where card information is collected.

Norwegian cybersecurity firm Mnemonic’s investigation revealed that the creator of this scamming software is a young Chinese national named Yucheng Xi, also known as “Darkula.” Using software called “Magic Cat,” he enabled hundreds of clients to run their own scam campaigns.

After Darkula’s identity was exposed, his operation was shut down, but a new scam operation named “Magic Mouse” has taken its place, gaining popularity even faster than the previous one.

Mnemonic’s security expert Harrison Sand said that “Magic Mouse” steals at least 650,000 card details per month and is much more powerful in its scamming capabilities. They plan to reveal new information about this operation at an upcoming security conference.

The investigation found that both “Magic Cat” and “Magic Mouse” use a phishing kit that targets victims by creating fake websites mimicking popular brands and services to steal card information.

Experts say that despite the scale of the scam, law enforcement agencies have not yet taken widespread action, partly because major technology and financial companies have failed to implement effective measures against card theft.

The best advice is to ignore any unknown or suspicious texts from untrusted sources. Awareness and vigilance remain the easiest way to protect against such scams.

Source: TechCrunch