The cybercriminal group behind the Darcula phishing-as-a-service (PhaaS) platform has unveiled a significant update, incorporating generative artificial intelligence (GenAI) capabilities into its toolkit. This advancement dramatically simplifies the creation of customized phishing pages, enabling individuals with minimal technical expertise to launch sophisticated phishing campaigns swiftly.
Darcula first emerged in March 2024, utilizing Apple iMessage and RCS to disseminate smishing messages that impersonated reputable postal services like USPS. These messages lured recipients into clicking malicious links, leading to fraudulent websites designed to harvest sensitive information. In early 2025, Darcula expanded its capabilities, allowing users to clone any brand’s legitimate website to create convincing phishing versions.
The latest enhancement, announced on April 23, 2025, integrates GenAI to further streamline the phishing process. This integration offers features such as multi-language support, automated form generation, and the ability to translate phishing content into various languages, all without requiring programming knowledge. As a result, even novice attackers can now craft and deploy customized phishing sites within minutes.
Netcraft, a cybersecurity firm monitoring Darcula’s activities, reports that since March 2024 it has taken down over 25,000 Darcula-related phishing pages, blocked nearly 31,000 IP addresses, and identified more than 90,000 phishing domains associated with the platform. Despite these efforts, the integration of GenAI into Darcula’s toolkit poses a significant challenge to cybersecurity defenses, as it lowers the barrier to entry for cybercriminals and increases the potential scale and sophistication of phishing attacks.