New “Spiderman” Phishing Kit Lets Hackers Build Fake Bank Login Pages Instantly
A new and sophisticated phishing toolkit, known as “Spiderman,” has been identified as a significant threat to European banking customers. This toolkit enables cybercriminals to create convincing fake login pages for numerous financial institutions with minimal effort, using just a few clicks.
This development represents a dangerous evolution in phishing-as-a-service operations, which target the financial sector with increasing sophistication and frequency.
Professional Phishing Framework Targets Multiple Countries
The Spiderman phishing kit is notable for its comprehensive approach, providing a user-friendly interface that consolidates login page templates for multiple European banks and cryptocurrency platforms. This streamlined approach allows attackers to easily create fake login pages that closely resemble those of legitimate financial institutions.

Unlike traditional phishing kits, which typically focus on individual institutions, the Spiderman kit provides attackers with ready-made clones for major banks across five countries, including Deutsche Bank, Commerzbank, ING, and CaixaBank. This allows cybercriminals to launch large-scale phishing campaigns with ease.
Security researchers have identified approximately 750 members in a Signal messenger group associated with the toolkit’s seller, indicating widespread distribution and active usage within the cybercriminal community.

The scale of this operation suggests that the Spiderman kit is already being deployed in large-scale phishing campaigns throughout Europe, posing a significant threat to financial institutions and their customers.
What makes the Spiderman kit particularly dangerous is its level of automation, which allows attackers to launch sophisticated phishing operations without requiring extensive technical knowledge or web development expertise.
The kit’s streamlined process enables criminals to select a target bank, generate a pixel-perfect replica of its login page, and deploy phishing campaigns within minutes. This ease of use has lowered the barrier to entry for cybercriminals, making it easier for them to launch large-scale phishing campaigns.
The toolkit features a comprehensive control panel that monitors victim sessions in real time, capturing sensitive information such as usernames, passwords, credit card details, PhotoTAN codes, and personal identification information.
According to Varonis, this multi-step approach is specifically designed to bypass European banking security measures, including two-factor authentication systems, making it a highly effective tool for cybercriminals.
The Spiderman kit also incorporates sophisticated anti-detection capabilities, including country allowlisting, ISP filtering, and device-type restrictions, which help attackers evade security scanners and automated detection tools by blocking traffic from data centers, VPNs, and research organizations.
Furthermore, the kit targets cryptocurrency users, with dedicated modules for harvesting seed phrases from popular wallets such as Ledger, MetaMask, and Exodus, signaling a shift toward hybrid banking and crypto-fraud operations.