A new version of Darcula, a phishing-as-a-service (PhaaS) platform aimed at Chinese-speaking criminals, is set to be released this month. The improved platform allows malicious users to create customized phishing kits targeting over 200 brands worldwide with ease.
Darcula’s automated features make it easy for technically inexperienced individuals to launch phishing campaigns, while the current version already offers pre-built phishing kits for various brands. However, the new Darcula v3 introduces a significant innovation: any user can generate a phishing kit for any brand by simply accessing the platform’s interface and inserting the URL of the target brand.
Users can customize the HTML elements and inject specific phishing content to match the branded page, creating lookalike pages that perfect the illusion. The platform also creates a ” bundle” containing all necessary pages, which can be uploaded and used for launching phishing campaigns.
The new admin panel provides a simplified interface for managing credit cards, stolen credentials, and active campaigns, making it more accessible for malicious users. Darcula’s phishing messages can be sent out in bulk using scripts or device farms, and the platform implements advanced deception techniques to prevent discovery of campaigns.
Stolen payment information is leveraged by criminals to generate images of the victim’s card, which can be added to digital wallets by scanning the image. This allows crooks to sell stolen cards on burner phones, loaded with up to 20 cards per device. The process involves tricking users into linking their financial institution’s verification code to a mobile wallet controlled by the scammers.
The released Darcula v3 expands the phishing platform’s capabilities, allowing it to target a wider range of brands and increasing the sophistication of its campaigns.
Source: https://www.helpnetsecurity.com/2025/02/20/darcula-allows-tech-illiterate-crooks-to-create-deploy-diy-phishing-kits-targeting-any-brand