FlagThis - #darcula

The Darcula phishing-as-a-service (PhaaS) platform has recently integrated generative AI capabilities, marking a significant escalation in phishing threats. This update allows even individuals with limited technical skills to create highly convincing phishing pages at an unprecedented speed and scale. Security researchers spotted the update on April 23, 2025, noting that the addition of AI makes it simple to generate phishing forms in any language and translate them for new locations, simplifying the process to build tailored phishing pages with multi-language support and form generation — all without any programming knowledge.

The new AI-assisted features amplify Darcula's threat potential and include tools for customizing input forms and enhancing the layout and visual styling of cloned websites, according to Netcraft. The service allows users to provide a URL for any legitimate brand or service, after which Darcula downloads all of the assets from the legitimate website and creates a version that can be edited. Subscribers can then inject phishing forms or credential captures into the cloned website, which looks just like the original. The integration of generative AI streamlines this process, enabling less tech-savvy criminals to deploy customized scams in minutes.

This development lowers the technical barrier for creating phishing pages and is considered to be 'democratizing cybercrime'. Netcraft, a cybersecurity company, has reported taking down more than 25,000 Darcula pages and blocking nearly 31,000 IP addresses since March 2024. The Darcula suite uses iMessage and RCS to send text messages, which allows the messages to bypass SMS firewalls. Because of this, enterprise security teams now face an immediate escalation in phishing threats.


References :

• The Register - Security: Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing sites in multiple languages more efficiently.
• www.csoonline.com: The Darcula platform has been behind several high-profile phishing campaigns in the past, targeting both Apple and Android users in the UK, and including package delivery scams that impersonated the United States Postal Service (USPS).
• The Hacker News: The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News.
• Daily CyberSecurity: Netcraft researchers have uncovered a major development in the world of phishing-as-a-service (PhaaS): an update to the darcula-suite
• Blog: ‘Darcula’ PhaaS gets generative AI upgrade
• hackread.com: Darcula Phishing Kit Uses AI to Evade Detection, Experts Warn
• securityonline.info: Darcula-Suite: AI Revolutionizes Phishing-as-a-Service Operations

Classification:

• HashTags: #Phishing #AI #Cybercrime
• Attacker: Darcula
• Product: Phishing Toolkit
• Feature: AI
• Type: Hack
• Severity: Major