The Darcula PhaaS platform (UNC5814) is an industrialized Chinese-language phishing-as-a-service ecosystem operating across 119 countries, actively intercepting one-time passcodes in real time to defeat MFA, and automatically provisioning stolen payment card data into attacker-controlled digital wallets. Delivery uses Apple iMessage and Android RCS channels, bypassing carrier SMS filtering. This is a platform-level campaign with no CVE and no vendor patch — mitigation requires architectural authentication changes and behavioral detection.