Magic Mouse SMS Scam Surpasses Magic Cat in Credit Card Theft

A New Text Scam Operation is Growing Fast

If you’ve ever received a suspicious text about an unpaid toll or missed delivery, you’re not alone.
These scam messages trick people into clicking links, entering personal details, and giving away credit card information.

Security experts now warn that a new global scam network, called Magic Mouse, is stealing hundreds of thousands of cards each month.

From Magic Cat to Magic Mouse

In 2024, a massive scam called Magic Cat targeted millions with fake text alerts. Victims believed the messages came from postal services, government agencies, or delivery companies.

When people entered their credit card details on phishing sites, the scammers quickly drained their accounts. Over seven months, Magic Cat collected at least 884,000 stolen credit card details.

The man behind Magic Cat, known online as Darcula, was unmasked by Oslo-based security firm Mnemonic and Norwegian media. His real identity: 24-year-old Chinese national Yucheng C.

Soon after being exposed, Darcula vanished — and Magic Cat stopped operating. But in its place, Magic Mouse has taken over.

Inside the New Magic Mouse Operation

Harrison Sand, offensive security consultant at Mnemonic, says Magic Mouse appeared shortly after Magic Cat ended.

Researchers found evidence in Telegram channels, including:

• Photos showing rows of credit card payment terminals.

• Videos of racks filled with dozens of phones sending scam texts.

• Mobile wallets on these phones loaded with stolen credit cards.

The process is simple but effective.
Scammers load stolen card data into mobile wallets, then make fraudulent payments. They launder the stolen funds into other accounts.

Scale of the Threat

Magic Mouse is already stealing about 650,000 credit cards every month.
While run by different people, the operation uses phishing kits stolen from Magic Cat.

These kits mimic hundreds of legitimate websites, including:

• Major technology companies

• Popular online services

• Global delivery brands

By copying real websites, scammers trick victims into handing over sensitive information.

Lack of Law Enforcement Action

Despite the scale, Sand says law enforcement rarely targets the full operation.
Instead, they respond only to individual fraud reports, leaving the network mostly untouched.

According to Sand, big tech firms and financial institutions could do more to block fraudulent transactions and make stolen cards harder to use.

How to Protect Yourself

If you receive a suspicious text:

• Don’t click links from unknown senders.

• Ignore messages asking for payment or account details.

• Verify requests by contacting the company directly.

Key Takeaways

• Magic Cat scam stole over 884,000 credit cards in 2024 before its creator was exposed.

• New Magic Mouse operation now steals 650,000 cards per month.

• Uses stolen phishing kits to mimic real company websites.

• Fraudsters load stolen cards into mobile wallets for payment scams.

• Law enforcement action is limited; prevention largely falls on tech and financial companies.

This growing threat shows how quickly cybercrime adapts. As one operation ends, another emerges, often more powerful than before.