Darcula 3.0 phishing-as-a-service ecosystem adds AI automation and anti-detection at scale
Threat Actor Meta
Summary
Hide ▲
Show ▼
Darcula 3.0 has added anti-detection features, an enhanced admin panel, a card-cloning tool, and AI-driven automation, making phishing-page creation faster and easier for operators. The upgraded phishing-as-a-service ecosystem matters because it lowers the skill barrier for abuse while supporting a network that spans more than 20,000 spoofed domains across 100 countries.
Related Happenings
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor Meta
First: 21.05.2026 17:00
Last: 21.05.2026 17:00
Sources 1
About this happening:
**Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor MetaAbout this happening: **Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Bluekit alliance reshapes ransomware ecosystem operations
Threat Actor Meta
First: 30.04.2026 21:58
Last: 30.04.2026 21:58
Sources 1
About this happening:
Bluekit's **AI-assisted** phishing kit has expanded into an **all-in-one** service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing m...
Bluekit alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: Bluekit's **AI-assisted** phishing kit has expanded into an **all-in-one** service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing m...
NCSC Share and Defend blocks nearly one billion scam site attempts via ISP DNS filters
Security Tool/Service
First: 03.12.2025 18:08
Last: 03.12.2025 18:08
Sources 1
About this happening:
The **NCSC Share and Defend** service has blocked **almost one billion** scam website access attempts in **less than a year**, showing large-scale disruption of malicious site rea...
NCSC Share and Defend blocks nearly one billion scam site attempts via ISP DNS filters
Security Tool/ServiceAbout this happening: The **NCSC Share and Defend** service has blocked **almost one billion** scam website access attempts in **less than a year**, showing large-scale disruption of malicious site rea...
Malicious LLM testing shows WormGPT 4 and KawaiiGPT generating reusable ransomware, phishing, and lateral-movement code
Technical Analysis
First: 27.11.2025 19:15
Last: 27.11.2025 19:15
Sources 1
About this happening:
Malicious **LLMs** such as **WormGPT 4** and **KawaiiGPT** are now generating reusable offensive code, raising the risk that **low-skilled attackers** can run ransomware, phishing...
Malicious LLM testing shows WormGPT 4 and KawaiiGPT generating reusable ransomware, phishing, and lateral-movement code
Technical AnalysisAbout this happening: Malicious **LLMs** such as **WormGPT 4** and **KawaiiGPT** are now generating reusable offensive code, raising the risk that **low-skilled attackers** can run ransomware, phishing...
Smishing Triad expanding SMS phishing campaign
Campaign
First: 25.11.2025 18:00
Last: 25.11.2025 18:00
Sources 1
How related:
The discovery by Dark Atlas points to an expanding campaign run by the Smishing Triad, a Chinese-speaking cybercrime group known for large-scale SMS phishing operations.
About this happening:
The **Smishing Triad** is expanding a **SMS phishing and fraud campaign** that uses **impersonation domains** to steal data from **individuals and organizations**. The operation n...
Smishing Triad expanding SMS phishing campaign
CampaignHow related: The discovery by Dark Atlas points to an expanding campaign run by the Smishing Triad, a Chinese-speaking cybercrime group known for large-scale SMS phishing operations.
About this happening: The **Smishing Triad** is expanding a **SMS phishing and fraud campaign** that uses **impersonation domains** to steal data from **individuals and organizations**. The operation n...
Timeline
-
25.11.2025 18:00 2 articles · 6mo ago
Darcula 3.0 adds anti-detection and single-click phishing page generation
Technical Analysis UpdateDarcula 3.0 is described as a large-scale phishing-as-a-service platform operating more than 20,000 spoofed domains across 100 countries, with anti-detection features, an enhanced admin panel, a card-cloning tool, and AI-driven automation that lets operators build phishing pages with a single click.
Show sources
- Smishing Triad Impersonation Campaigns Expand Globally — www.infosecurity-magazine.com — 25.11.2025 18:00
- Smishing Triad Impersonation Campaigns Expand Globally — www.infosecurity-magazine.com — 25.11.2025 18:00