The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have made significant changes to their tool, making it easier for cyber crooks to carry out phishing attacks. The new version allows users to clone any legitimate website and create a custom phishing version with minimal technical expertise.
According to Netcraft, this change represents a major shift in the capabilities of bad actors, reducing the barrier to entry for targeting any brand with complex, customizable phishing campaigns. Darcula’s developers have detected over 95,000 new phishing domains, 31,000 IP addresses, and taken down more than 20,000 fraudulent websites since its exposure in March 2024.
The main improvement in the new version is the ability to generate a phishing kit for any brand on-demand, using a web interface that requires only the URL of the brand to impersonate. This process can be completed in just 10 minutes. Users can then customize the front-end and upload the generated phishing page to an admin panel.
Darcula’s PhaaS platform provides admin dashboards that make it simple for fraudsters to manage their campaigns, track performance statistics, and extract data from victims. The latest update also includes a feature that converts stolen credit card details into virtual images, which can be scanned and added to digital wallets for illicit purposes.
However, the development of this new feature is currently in an internal testing stage, with the author stating they have been busy and will postpone the update for a few days.
Source: https://thehackernews.com/2025/02/cybercriminals-can-now-clone-any-brands.html