Threat actors behind the Darcula Phishing-as-a-Service (PHAAS) platform prepare a new version that will allow future customers and cybercrook to clone legitimate websites for the brand and create phishing versions It looks like it’s doing it. Stop phishing attacks on a large scale.
The latest iteration of the phishing suite “represents a significant change in criminal ability, reducing barriers to entry for bad actors to target any brand with complex, customizable phishing campaigns,” Netcraft said. It is stated in a new analysis.
The cybersecurity company said it has detected and blocked over 95,000 Darcula phishing domains, nearly 31,000 IP addresses and deleted over 20,000 fraudulent websites since it was first published in late March 2024 .
The biggest change built into Darcula is that any user can generate phishing kits on demand for any brand.
“The newly remastered version is ready for testing,” said the core developer behind the service, which took place on January 19, 2025 on a telegram channel with over 1,200 subscribers. It is mentioned in the post.
“Now you can also customize your frontend yourself. You can complete frontend production in 10 minutes using Darcula-Suite.”
To do this, all customers have to do is to impersonate a web interface and provide the brand’s URL. The platform uses browser automation tools such as Pupteer to export HTML and all the necessary assets.
Users can then select HTML elements and exchange and inject phishing content (such as payment forms and login fields) to match the look and feel of the branded landing page. The generated phishing page is then uploaded to the admin panel.
“Like software products as a service, the Darcula-Suite Phaas platform provides an administrative dashboard that allows scammers to manage a variety of campaigns,” said security researcher Harry Freeborough.
“Once generated, these kits are uploaded to another platform where criminals can manage active campaigns, find extracted data, and monitor deployed phishing campaigns.”
In addition to featuring a dashboard highlighting aggregated performance statistics for phishing campaigns, Darcula V3 also features virtual images of victim cards that can be scanned for details of stolen credit cards and added to their digital wallets. We’re going a step further by providing a way to convert. Illegal purpose. Specifically, the cards are loaded onto burner phones and sold to other criminals.
The tool is said to be in the internal testing phase now. In a follow-up post dated February 10, 2025, the author of the malware posted the message, “I’ve been busy lately, so the V3 update will be postponed for several days.”
Source link
