The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features being the ability to create do-it-yourself phishing kits that target any brand.
The upcoming release, currently available as a beta, will remove the targeting scope restrictions that came with offering a finite number of phishing kits, allowing anyone to create their own.
In addition to this new feature, the upcoming release, named 'Darcula Suite,' also lifts technical skill requirements and adds a new user-friendly admin dashboard, IP and bot filtering, campaign performance measurement, and automated credit card theft/digital wallet loading.
Netcraft researchers tested one of the latest beta builds of Darcula Suite for hands-on analysis and confirmed that the announced features are legitimate.
Darcula emerged last year as a massive PhaaS operation relying on 20,000 domains that spoof renowned brands to steal credentials from Android and iOS users in over 100 countries.
With a much more powerful version on the way, Netcraft warns that cybercriminals are already moving to it even though the official release isn't out yet.
"Because the container images used to run the admin panel are publicly available at registry[.]magic-cat[.]world, Netcraft was able to get a rough estimate of the number of individuals already exploring this test suite," reads the report.
"The pull count of the API image has increased by more than 100% and the web image by more than 50% from February 5 to February 10."
Announcing the availability of Darcula 3.0 test version
Source: Netcraft