Darcula is now AI-enabled, draining the life from victims everywhere
Darcula, the phishing-as-a-service platform, is now AI-enabled, making it easier for threat actors to harvest credentials anywhere in the world.

Image by Getty/Silver Screen Collection
Darcula, the phishing-as-a-service platform, is now AI-enabled, making it easier for threat actors to harvest credentials anywhere in the world.
The cybercrime kit, Darcula, is a service where criminals can access pre-made templates that lower the barrier to entry into cybercrime.
Threat actors simply need to provide the URL of a legitimate business, brand, or service, and Darcula creates a spoof of the site that can easily be edited.
The legitimate-looking website allows criminals to place malicious links for credential harvesting.
The subscription is relatively cheap, making it even easier for threat actors to harvest users’ data.
But Darcula just got an upgrade, as discovered by security researchers at Netcraft.
Darcula is now AI automated, meaning that attackers can now use artificial intelligence to generate phishing attacks in different languages.
The example provided by the researchers shows the threat actor using AI to execute phishing attacks in Chinese. The criminal then adds more details and translates that into English, The Register reports.
These scams allow non-tech-savvy people to generate scams in minutes.
Built on JavaScript frameworks, Docker, and Harbor, Darcula imitates legitimate software-as-a-service companies.
“Attackers spread phishing lures through SMS, RCS, and iMessage, even using tactics to trick recipients into replying so links become clickable on iOS,” Netcraft said.
The addition of AI allows users to quickly scale up these attacks as it allows low level cybercriminals to attack users from all around the world quickly and effectively.
Netcraft urges users to be skeptical of messages sent in RCS groups, be wary of RCS or iMessages coming from unknown numbers or email addresses, and make sure you’re visiting sites from legitimate brands.