Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft


A new phishing kit, dubbed Spiderman, has been found circulating on the dark web, making it easier than ever to trick customers of major European banks and financial service providers. This is a complete, full-stack phishing kit that allows people with no technical skills to launch broad attacks across multiple countries.

Online threat analysis and data security firm Varonis was the first to report on this threat, detailing how this ready-made program eliminates the need for coding knowledge. Attackers can quickly mimic the login pages of dozens of European financial institutions and even cryptocurrency platforms. Due to its massive scale and reach across five countries, researchers call it “one of the most dangerous” tools they have analysed this year.

Phishing page just a click away (Source: Varonis)

Easy Attacks and Broad Targets

Varonis’ investigation, shared with Hackread.com, reveals the Spiderman kit is highly efficient; instead of focusing on just one bank or region, it brings together multiple financial brands into a single platform for wide-scale targeting.

Banks like Deutsche Bank, Commerzbank, ING (in Germany and Belgium), and CaixaBank are among the key targets, along with crypto wallet providers. The seller’s community behind the kit is sizable, with roughly 750 members in a connected messaging group, suggesting it’s already being used extensively.

The attack process is simple, researchers noted in the blog post, as attackers only have to “pick a bank, launch a pixel-perfect clone, and send a ready-made lure,” which looks identical to a message from the real institution. The kit also includes modules for stealing crypto seed phrases, signalling a shift toward hybrid fraud operations.

Cross-Country Financial Threat

The kit’s most dangerous feature is its ability to steal information in real time. Once a victim enters their login details, the operator immediately receives the data and can trigger additional screens to collect more critical information, such as credit card numbers and one-time security codes (like OTP or PhotoTAN codes).

It is worth noting that a single session can capture a victim’s full identity profile, including their full name, date of birth, and credit card information, which is enough for full account takeover and identity theft.

Additionally, the system is built to avoid being found by security experts: it uses filters that only allow visitors from specific countries (geo-blocking) and exclude visits from known security firm networks. This helps it hide from automated scanners.

“Real-time OTP interception will become the norm,” the researchers suspect, which means banks that rely on these one-time codes are especially vulnerable. The swift evolution of easy-to-use attack tools like Spiderman poses a serious, immediate challenge to digital finance security across Europe.




