Cybercriminals now have an even more powerful tool at their disposal thanks to the upcoming release of Darcula PhaaS version 3.0. The platform, which was already notorious for spoofing renowned brands to steal credentials from Android and iOS users in over 100 countries, is set to introduce a new feature that allows anyone to create custom phishing kits targeting any brand.
The DIY phishing kit generator, part of the ‘Darcula Suite’ release, enables users to insert the URL of the brand they want to impersonate and automatically generate all required templates for the attack. This process involves cloning the legitimate site using tools like Puppeteer, replacing login fields, payment forms, and two-factor authentication prompts with phishing pages.
The platform’s new features make it even more challenging to detect and stop phishing campaigns. The ease of use of Darcula 3.0 guarantees that phishing volumes will increase, warns Netcraft, which tested the latest beta build of the platform.
According to Netcraft, the number of individuals exploring the test suite has increased by over 150% since February 5, with more than 100,000 domains and 20,000 phishing sites already detected. The introduction of Darcula 3.0 also raises concerns about the potential for cybercriminals to sell burner phones preloaded with stolen credit cards.
The updated platform boasts a new user-friendly admin dashboard, IP and bot filtering, campaign performance measurement, and automated credit card theft/digital wallet loading. These advanced features make it a significant threat to online security.
Source: https://www.bleepingcomputer.com/news/security/darcula-phaas-can-now-auto-generate-phishing-kits-for-any-brand