FlagThis

The Darcula phishing-as-a-service (PhaaS) platform is set to launch its third major version, Darcula 3.0, offering cybercriminals unprecedented capabilities. A key feature is the ability for even tech-illiterate individuals to create and deploy do-it-yourself phishing kits targeting any brand globally. This is made possible through browser automation tools like Puppeteer and Headless Chrome, allowing users to clone legitimate websites and inject malicious content with minimal effort. The platform also simplifies the creation of phishing kits by extracting assets and HTML structure from targeted brand websites, enabling fraudsters to customize templates and generate multi-step pages for data collection, such as payment details and two-factor authentication codes.

The updated Darcula platform includes a user-friendly interface that automates the creation of phishing kits. The final product is exported as a “.cat-page” bundle, deployable via Darcula’s admin panel. The admin panel, resembling legitimate Software-as-a-Service (SaaS) platforms, provides dashboards to manage stolen data, monitor campaigns, and configure advanced deception techniques. Built using technologies like Docker, React, and SQLite, it offers IP filtering, web crawler blocking, and device-specific access restrictions to evade detection. The platform also facilitates monetization of stolen data by enabling fraudsters to generate virtual cards from compromised payment details.

ImgSrc: www.bleepstatic

References :

• cyberpress.org: Darcula 3.0 – A Tool that Offer Phishing kit for Any Brands
• The Hacker News: Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3
• www.bleepingcomputer.com: The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand.
• www.helpnetsecurity.com: Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
• gbhackers.com: New Darcula 3.0 Tool Generates Phishing Kits to Mimic Global Brands
• Talkback Resources: 'Darcula' Phishing Kit Can Now Impersonate Any Brand
• BleepingComputer: The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand.
• gbhackers.com: GB Hackers - New Darcula 3.0 Tool Generates Phishing Kits to Mimic Global Brands
• Help Net Security: Help Net Security - Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
• Cyber Security News: Darcula 3.0 – A Tool that Offer Phishing kit for Any Brands
• The420.in: Cybercriminals behind the notorious Darcula phishing-as-a-service (PhaaS) platform are preparing to roll out a new and more sophisticated version that enables scammers to clone any brand’s legitimate website effortlessly.
• www.the420.in: Darcula Phishing Platform Set to Launch Advanced Version
• Cybernews: Infosec exchange discussing new phishing tool for cybercriminals

Classification:

• HashTags: #PhaaS #Phishing #Cybercrime
• Company: Darcula
• Target: Global brands and their customers
• Attacker: Darcula
• Product: Darcula
• Feature: Phishing kit generation
• Type: Phishing
• Severity: High