Darcula Phishing Toolkit Upgraded With GenAI

Darcula, a phishing-as-a-service (PhaaS) platform, has introduced powerful GenAI features to its toolkit. This major update lowers the barrier for cybercrime.

Now, attackers with little or no coding experience can build phishing sites in just minutes. The AI tools help create multi-language pages with custom forms. As a result, even unskilled actors can launch scams at scale.

Reports say these new capabilities simplify phishing. For example, criminals can generate fake forms that look like real websites. They can also translate pages to local languages, making attacks more convincing.

The platform first gained attention in early 2024. Back then, it used Apple iMessage and RCS to send smishing messages. These messages posed as postal updates to trick users into clicking malicious links.

Advanced Tools for Criminals With Low Skills

Earlier this year, Darcula added tools for cloning real websites. These cloned sites are nearly identical to legitimate brands. Attackers can then use them to steal user credentials and personal data.

This new update, launched in April 2025, adds GenAI to make phishing even easier. According to a recent report, users can now create fake login pages in multiple languages. Additionally, they can design form fields without any coding.

Researchers believe the platform is operated by a group named LARVA-246. This group promotes Darcula on Telegram and is linked to other PhaaS tools such as Lucid. All are likely part of a wider network known as the Smishing Triad.

This network runs global SMS-based scams. Its operations link back to cybercrime hubs in China. The shared tools, templates, and targets suggest loose collaboration across multiple threat actors.

AI Makes Phishing Faster and More Dangerous

What makes Darcula especially dangerous is its automation. A novice can now set up a phishing page that looks authentic in minutes. GenAI does the work—no programming needed.

Since March 2024, researchers have taken down more than 25,000 Darcula-related phishing pages. They’ve also blocked 31,000 IP addresses and flagged over 90,000 scam domains. However, new phishing campaigns continue to emerge.

How to Defend Against Darcula-Based Attacks

To prevent falling victim to Darcula scams, awareness is key. Organizations should train staff to recognize phishing attempts. Look out for suspicious SMS messages and unknown senders.

Use email and SMS filtering to block known malicious sources. Also, regularly update your cybersecurity tools. Enabling two-factor authentication adds another layer of protection.

Finally, report phishing sites when spotted. Collective reporting helps take down fake domains faster. Staying informed and alert is the best defense.
