Magic Cat is a data program designed for fraud, used by hundreds of fraudsters to create fake websites for phishing card details and draining money. Companies impersonated include Amazon, Royal Mail, Posten, and Autopass, with victims led to these sites via text messages. According to a dataset from the Norwegian security company Mnemonic, the program was used to phish card details from over 884,000 cards in just seven months, numbers Google is using in its lawsuit. The data program tricked hundreds of thousands into giving away bank card details and security codes.
Google claims the fraud undermines its reputation because fraudsters misuse its name and logo through fake websites, which can be visited via Chrome, with text messages sent to Android phones. Many fraudsters were located in China while scamming people elsewhere, with over 600 fraudsters using Magic Cat and over 300 testing it from China or Hong Kong, according to an analysis by NRK's media partner Bayerischer Rundfunk. There are few or no fraud victims from China, and the software offered fake websites mimicking companies in over 130 countries, but not China.
NRK revealed last year that Chinese citizen Yucheng C. used the alias 'Darcula' and was behind Magic Cat, with the program logging everything potential victims do on fake websites. This led to the fraud program being shut down and Darcula going underground, with newer versions since launched.