Darcula, a phishing-as-a-service (PhaaS) platform, is now using generative AI to help cybercriminals build fake websites faster. With just a few clicks, almost anyone can now launch a phishing campaign—no coding skills required.
According to cybersecurity firm Netcraft, the new AI features allow attackers to create realistic scam pages in minutes. The toolkit includes automatic form generation, support for many languages, and instant translation. This means phishing can now happen at scale, even from amateurs.
Darcula first appeared in March 2024. It quickly gained attention for sending smishing messages via iMessage and RCS. These texts tricked users into clicking links disguised as updates from trusted sources, like USPS. Since then, Darcula has evolved into something even more dangerous.
Earlier this year, the platform launched a new feature. It lets users clone any website and create a phishing version of it. This means attackers can now mimic well-known brands and trick victims into entering personal data.
Behind Darcula is a threat actor known as LARVA-246. The phishing toolkit is sold through a Telegram channel called “darcula_channel.” It shares many features with other services like Lucid and Lighthouse. These platforms are all linked to a larger network of tools that cybersecurity experts call the Smishing Triad.
This group, believed to operate from China, has been running global scams for years. Their attacks usually start with a simple text. But thanks to platforms like Darcula, they now scale faster, reach more people, and require far less technical skill.
What’s changed? The answer is GenAI.
Darcula’s latest update, announced on April 23, 2025, adds AI-powered customization to phishing pages. The toolkit now fills out form fields automatically. It also translates fake pages into local languages. This makes each scam feel more believable to the victim.
Security researcher Harry Everett said the new tools allow attackers to create and launch a site in just minutes. The process is fast, simple, and nearly automatic.
Since Darcula launched, Netcraft has taken down over 25,000 phishing pages. They’ve also blocked 31,000 IP addresses and flagged more than 90,000 scam domains.
Experts warn this is only the beginning. AI is giving cybercriminals the tools they need to move faster. And platforms like Darcula are making phishing cheaper, smarter, and harder to detect.
