Findings Point to Growing “Fraud as a Service” Market
“Darcula” is an example of a “Phishing as a Service” platform. By making sophisticated phishing tools readily available, these platforms enable unskilled cybercriminals to carry out attacks with ease. “Darcula” differs from traditional PaaS models in that it deploys advanced infrastructure and a subscription-based model.
Subscribers can access realistic replicas of different banking websites, e-commerce platforms, and payment portals. What’s more, “Darcula” uses real-time “session hijacking” to bypass multi-factor authentication (MFA), meaning that it is particularly difficult to combat.
“Darcula” is just one small part of the increasingly lucrative “Fraud as a Service” ecosystem. In 2023, Ravelin found that 56% of fraud analysts globally have reported that FaaS schemes have been used to target their organizations, signaling a massive surge in its popularity.
