Cyber Criminals Can Clone Branded Websites

The cyber criminal software developers behind the Darcula Phishing-as-a-Service (PhaaS) platform are developing a new version enabling cyber criminals to clone any brand's legitimate website and create a phishing version. Their aim is to reduce the technical expertise required to carry out phishing attacks at scale.

The new version adds first-of-its-kind personalisation capabilities to the previously built Darcula V2 platform, using tools to allow criminals to build advanced phishing kits that can target any brand's website with the click of a button.  

The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with complex, customisable phishing campaigns," according to an analysis from Netcraft.

The cyber security company said it has detected and blocked more than 95,000 new Darcula phishing domains and nearly 31,000 IP addresses, and has taken down more than 20,000 fraudulent websites, since Darcula was exposed in late March 2024.

The most significant change incorporated into Darcula v3 is the ability for any user to generate a phishing kit for any brand on demand.

"The new and remastered version is now ready for testing," the core developers behind the service said in a post made on January 19, 2025, in a Telegram channel that has over 1,200 subscribers. "Now, you can also customise the front-end yourself. Using Darcula-suite, you can complete the production of a front-end in 10 minutes." All a customer has to do is provide the URL of the brand to be impersonated in a web interface, with the platform employing a browser automation tool like Puppeteer to export the HTML and all required assets.

Users can then select the HTML element to replace and inject the phishing content (e.g., payment forms and login fields) such that it matches the look and feel of the branded landing page. The generated phishing page is then uploaded to an admin panel.

Besides featuring dashboards that highlight the aggregated performance statistics of the phishing campaigns, Darcula v3 goes a step further by offering a way to convert the stolen credit card details into a virtual image of the victim's card that can be scanned and added to a digital wallet for illicit purposes. The cards are loaded onto disposable 'burner' phones and sold to other criminals.

For managing phishing campaigns, Darcula offers an easy-to-use interface that aggregates a variety of performance metrics. 

Without any extra effort from the operators, phishing attacks run through the platform benefit from a variety of anti-detection measures, including IP blocking aimed at cyber security companies and user agent blocking designed to fend off Web crawlers.

Netcraft | The Hacker News | Netcraft | Dark Reading | Bleeping Computer | SC Media


Image: Ideogram
