Cyber Criminals Can Clone Branded Websites

Uploaded on 2025-03-04 in NEWS-Cybersecurity News, FREE TO VIEW

The cyber criminal software developers behind the Darcula Phishing-as-a-Service (PhaaS) platform are developing a new version enabling cyber criminals to clone any brand's legitimate website and create a phishing version. Their aim is to reduce the technical expertise required to carry out phishing attacks at scale.

The new version adds first-of-its-kind personalisation capabilities to the previously built Darcula V2 platform, using tools to allow criminals to build advanced phishing kits that can target any brand's website with the click of a button.  

The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with complex, customisable phishing campaigns," according to an analysis from Netcraft

The cyber security company said it has detected and blocked more than 95,000 new Darcula phishing domains, nearly 31,000 IP addresses, and taken down more than 20,000 fraudulent websites since it was exposed in late March 2024.

The most  significant change incorporated into Darcula v.3  is the ability for any user to generate a phishing kit for any brand on-demand.

"The new and remastered version is now ready for testing," the core developers behind the service said in a post made on January 19, 2025, in a Telegram channel that has over 1,200 subscribers. "Now, you can also customise the front-end yourself. Using Darcula-suite, you can complete the production of a front-end in 10 minutes." All a customer has to do is provide the URL of the brand to be impersonated in a web interface, with the platform employing a browser automation tool like Puppeteer to export the HTML and all required assets.

Users can then select the HTML element to replace and inject the phishing content (e.g., payment forms and login fields) such that it matches the look and feel of the branded landing page. The generated phishing page is then uploaded to an admin panel.

Besides featuring dashboards that highlight the aggregated performance statistics of the phishing campaigns, Darcula v3 goes a step further by offering a way to convert the stolen credit card details into a virtual image of the victim's card that can be scanned and added to a digital wallet for illicit purposes. The cards are loaded onto disposable 'burner' phones and sold to other criminals.

For managing phishing campaigns, Darcula offers an easy-to-use interface that aggregates a variety of performance metrics. 

Without having to do anything, their phishing attacks benefit from a variety of anti-detection measures including IP blocking aimed at cyber security companies and user agent blocking designed to fend off Web crawlers. 

Netcraft   |   The Hacker News     |     Netcraft     |     Dark Reading     |     Bleeping Computer  |   SC Media     |    

Facebook

Image: Ideogram

You Might Also Read: 

AI-Based Phishing Attacks Demand A Multi-Pronged Response:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Doomsday Warnings Do More Harm Than Good
Salt Typhoon Exploited Cisco Vulnerabilities »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Thoma Bravo

Thoma Bravo

Thoma Bravo is a leading private equity firm with a 40+ year history and a focus on investing in software and technology companies.

Viettel Cyber Security

Viettel Cyber Security

Viettel Cyber Security is an organization under the Military Telecommunication Industry Group, conducting research and developing information security solutions for domestic and foreign customers.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.

Judy Security

Judy Security

Judy (formerly AaDya Security) provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Future Crime Research Foundation (FCRF)

Future Crime Research Foundation (FCRF)

FCRF is a Non-Profit NGO specializing in Research in Cyber Security, Digital Crime, Fraud Risk Management, Cyber Laws and Cyber Forensics.