Overview
- Varonis analyzed the dark‑web kit and found it creates pixel‑perfect replicas of banking and crypto portals across five European markets.
- The platform captures passwords, credit card data, PhotoTAN and other OTP codes, plus crypto wallet seed phrases in real time for instant takeovers.
- Targets include major brands such as Deutsche Bank, Commerzbank, ING, CaixaBank, Klarna, and PayPal, as well as the crypto wallets Ledger, MetaMask, and Exodus.
- Operators control live victim sessions from a dashboard with one‑click data export, geo/ISP/device filters, and redirects to evade researchers.
- Researchers observed growing criminal adoption, including a Signal group of about 750 members, with public warnings but no coordinated takedown reported.