Researchers from Netcraft have revealed that they discovered a new phishing-as-a-service platform, which has been named darcula. This sophisticated platform has been deployed on more than 20,000 phishing domains. This platform offers cybercriminals access to phishing templates and makes deployment of phishing sites simple.

Unlike most phishing-as-a-service platforms, darcula can update in place, allowing for the addition of new features and anti-detection measures. For instance, the research observed an update in which the kit was altered to disguise the attack location. 

The research discovered darcula infrastructure domains existed across 11,000 IP addresses in more than 100 countries. Since the beginning of 2024, an average of 120 domains have contained phishing pages each day. The phishing attacks have targeted USPS, DHL and Evri as well as Bulgarian, Australian and Singaporean Posts. The darcula seeks industries that depend on consumer trust, such as postal services, financial institutions, government bodies, telecommunication organizations and more.