A significant upgrade to the Darcula phishing-as-a-service (PhaaS) platform is in development, introducing sophisticated website cloning features that lower the technical barriers for conducting phishing attacks. The platform’s new version enables users to create exact replicas of legitimate brand websites for malicious purposes.

Since its discovery in March 2024, security firm Netcraft has identified and blocked:
– Over 95,000 Darcula phishing domains
– Nearly 31,000 IP addresses
– More than 20,000 fraudulent websites

Key Features of Darcula v3:
– Automated website cloning using Puppeteer browser automation
– Customizable phishing content injection
– Streamlined admin dashboard for campaign management
– Performance tracking and statistics
– Virtual credit card generation from stolen data

The platform’s developers announced the testing phase on January 19, 2025, through their Telegram channel with 1,200+ subscribers. The new version promises a 10-minute website cloning process, requiring only the target URL to generate a complete phishing kit.

Security researcher Harry Freeborough notes that the platform operates like traditional SaaS products, providing comprehensive campaign management tools and data extraction capabilities. A notable addition is the ability to convert stolen credit card information into virtual cards, which can be loaded onto burner phones for illegal transactions.

The final release of Darcula v3 has been temporarily delayed, as announced by the developer on February 10, 2025.