Experts warn of risks as Darcula DIY kit simplifies phishing


New phishing tools enable bad actors to launch phishing attacks with minimal or no technical skills, cybersecurity experts warn.

Malware tools sold as a service on the dark web and encrypted messaging platforms already allow attacks to be conducted regardless of technical ability or prior resources.

The soon-to-be-deployed Darcula DIY phishing kit takes phishing-as-a-service (PhaaS) capabilities a step further, allowing anyone to imitate any brand and target users with a click of a button, according to London-based company Netcraft.


The previous version of the malware affected over 200 brands worldwide, while Netcraft says it has identified and blocked more than 95,000 malicious Darcula URLs and taken down more than 20,000 malicious domains on behalf of clients.

Customizing phishing campaigns

The company examined the Darcula phishing kit and found several changes compared to its previous version, including the ability for users to customize their phishing campaigns.

After a user types in the URL of the brand to impersonate, the Darcula platform uses a browser automation tool, like Puppeteer, to export the HTML and all required assets. Bad actors can replace phishing elements and inject the phishing content, restyle the phishing form, and more.

Once generated, phishing kits are uploaded to the “admin panel,” which allows users to manage campaigns.

“The new admin panel also provides fraudsters a simplified user interface for managing credit cards, stolen credentials, active campaigns, and other details,” Netcraft says in its blog post, adding that dashboards are built on enterprise-grade systems including Docker, Node, React, and SQLite.

Once details from stolen cards are pulled from phishing campaigns, the Darcula suite can generate an image of the victim’s card, which can be used to scan and add it to a digital wallet.

Phishing threat actors also deploy deception techniques. For example, crawl filtering stops sites from being discovered by web crawlers, while a unique deployment path for each campaign hides deployments from hostname scanning.


Netcraft expects the new Darcula suite to launch in mid-February 2025, with user testing in progress.


How to protect yourself from phishing attacks

The inclusion of DIY phishing kits isn't that much more concerning than the previous version, as those with the skill to create phishing kits probably wouldn't be using the PhaaS platform to begin with, says Max Gannon, Cyber Intelligence Team Manager at Cofense.

“What is concerning is the simplification of the service and lowering of technical knowledge requirements to use it. The simpler a kit becomes to use the more widely used we can expect it to be and the more of a threat it becomes,” Gannon notes.

In the past, someone with an extra $60, an internet connection, and no technical knowledge couldn't do much to impact a large number of people. However, the expert says that with simplified kits such as this, one person can now create convincing attacks targeting hundreds of people.

Adrianus Warmenhoven, a cybersecurity expert at Nord Security, has recently demonstrated how easy it has become to launch a phishing campaign. He walked users through a live phishing attack simulation in a video.

“The median time users fall for phishing emails is less than 60 seconds. Nevertheless, preparing and performing phishing attacks does not take much time. Actually, phishing is easier than assembling flat-pack furniture,” he said.

Effective phishing prevention starts with awareness training, such as recognizing suspicious emails, links, and attachments. Attacks can also be prevented by dedicated tools.


Users are advised to regularly monitor their services for signs of data and use tools like the Dark Web Scanner. They should also activate autofill in their password manager, activate multi-factor authentication, and use complex and unique passwords.