Cybercriminals behind the notorious Darcula phishing-as-a-service (PhaaS) platform are preparing to roll out a new and more sophisticated version that enables scammers to clone any brand’s legitimate website effortlessly. This advancement significantly lowers the technical expertise required to launch large-scale phishing attacks.
According to cybersecurity firm Netcraft, the latest iteration of the Darcula suite represents a major evolution in cybercrime, making it easier for bad actors to orchestrate highly customized and complex phishing campaigns. Since Darcula was first exposed in March 2024, Netcraft has blocked over 95,000 phishing domains, flagged nearly 31,000 IP addresses, and taken down more than 20,000 fraudulent websites linked to the platform.
On-Demand Phishing Kits: A Game Changer for Cybercriminals
One of the most alarming features of the upcoming version is its ability to generate phishing kits for any brand instantly. In a post dated January 19, 2025, on a Telegram channel with over 1,200 subscribers, Darcula’s developers announced, “The new and remastered version is now ready for testing.”
They further boasted that users could now customize phishing pages within minutes using the Darcula suite. By simply entering a brand’s URL into the platform’s web interface, a browser automation tool—such as Puppeteer—extracts the legitimate website’s HTML along with all necessary assets.
Scammers can then modify key elements, such as login pages and payment forms, to create near-identical phishing versions. The finished fraudulent page is uploaded to an admin panel, allowing cybercriminals to manage their campaigns effortlessly.
Phishing-as-a-Service: A Full-Fledged Criminal Toolkit
Just like any Software-as-a-Service (SaaS) product, Darcula’s platform includes an admin dashboard designed to simplify phishing operations. Security researcher Harry Freeborough explained, “Once generated, these kits are uploaded to another platform where criminals can manage their active campaigns, retrieve stolen data, and track the performance of their phishing attempts.”
The latest version, Darcula v3, goes a step further by offering a disturbing new feature—converting stolen credit card details into a virtual replica of the victim’s card. This digital copy can then be loaded onto burner phones and sold to other criminals for illicit transactions via digital wallets.
Delayed But Inevitable: A Looming Cyber Threat
Darcula v3, currently in its internal testing phase, was expected to launch soon. However, in a follow-up post on February 10, 2025, the malware developer shared an update stating, “I have been busy these days, so the v3 update will be postponed for a few days.”
While the delay may offer a temporary reprieve, cybersecurity experts warn that once released, Darcula’s advanced phishing capabilities could significantly amplify online fraud, posing a greater threat to individuals and businesses worldwide.