Phishing kit creation site for threat actors gets an update
Crooks are about to get more tools for building phishing campaigns with copies of organizations' brands from the Chinese-language Darcula platform
Threat actors are about to gain a new tool for launching phishing attacks. The crooks behind the Darcula phishing-as-a-service tool are beta-testing version 3, which includes personalization capabilities that let customers build advanced phishing kits for attack campaigns that can now target any brand with the click of a button.
“These on-demand, DIY phishing kits represent a massive risk to brands that were not previously included in Darcula V2’s library,” researchers at Netcraft said today.
Darcula is a Chinese-language platform developed by a Telegram user with the same nickname. It offers a paid monthly subscription to other criminals for use of the platform for building phishing kits.
What can infosec leaders do? Remind employees during regular security awareness training of the threat of email and text messages from unexpected senders – regardless of whether it looks like the message came from a government office, a delivery company or a bank – asking for personal information.
They also have to monitor the internet or buy technology to identify and block phishing sites.
According to Netcraft, earlier versions of Darcula’s pre-built phishing content were aimed at many of the world’s largest brands, including public and private utilities, financial institutions, government bodies, airlines, and telcos.
One favoured brand for fooling American victims: the United States Postal Service (USPS). Crooks hope victims will fall for email or text messages with a USPS logo saying a package is ready for delivery if the person enters their name, address and possibly a credit card number for a supposed delivery charge.
How easy is it to use? Netcraft says all a paid subscriber has to do is fill out a form with the URL of the real brand the attacker plans to impersonate and the platform will pull out the HTML and all required assets. The user then selects the HTML element to replace and inject the phishing content. Then they choose a new form from a selection of scam templates (for example asking for payment details or sensitive information) and restyle the phishing form to match the look and feel of the branded landing page. The platform also generates separate pages for the initial lure page, address input, card details, and two-factor authentication code.
The final phishing kit can be uploaded to another platform where crooks can manage their active campaigns.