Spiderman Phishing Kit Targets European Financial Institutions
A newly discovered phishing toolkit is making it alarmingly easy for cybercriminals to clone banking websites and steal sensitive user data. Researchers at Varonis identified the kit, dubbed “Spiderman,” which allows attackers to create convincing replicas of financial portals with just a few clicks. This tool lowers the technical barrier for fraud, enabling even those without coding skills to launch sophisticated attacks.
The kit specifically targets major European banks, including Deutsche Bank, ING, Commerzbank, and CaixaBank. It has also been configured to mimic cryptocurrency services such as Ledger and MetaMask, as well as various government portals. The campaigns are currently focused on victims in Germany, Spain, Belgium, Austria, and Switzerland.
One of the most dangerous aspects of Spiderman is its ability to bypass modern security measures. The kit captures login credentials and second-factor authentication codes, intercepting PhotoTAN and SMS tokens in real time. It also filters traffic by country and internet service provider, so that only intended victims reach the fake sites and security researchers are kept out.
The tool is being distributed and supported through an active community, with a dedicated Signal group boasting around 750 members. This network allows criminals to coordinate campaigns and quickly adapt the software when banks update their security protocols. As the kit continues to evolve, the stolen data feeds into growing databases used for identity theft and financial fraud.
