Press ReleaseCyber Crime & ForensicThreat Detection & Defense

New Barracuda Report: Phishing Kits Doubled in 2025

MFA Bypass and URL Obfuscation Observed in Almost Half of All Attacks

In 2025, the number of known phishing-as-a-service (PhaaS) kits doubled in number, increasing the pressure on security teams trying to defend against this ever-evolving threat, according to Barracuda’s phishing review of 2025.

Analysing attacks in Asia Pacific and across the globe, Barracuda found aggressive newcomers such as Whisper 2FA and GhostFrame introduced inventive and evasive tools and tactics, including a suite of techniques to prevent analysis of their malicious code, while established groups such as Mamba and Tycoon continued to evolve and thrive. Each kit was behind millions of attacks globally.

Most Common Phishing Kits

According to Barracuda’s analysis, the most prevalent tools and techniques used by phishing kits in 2025 were:

  • Multifactor authentication bypass, seen in 48% of attacks.
  • URL obfuscation techniques, also seen in 48%.
  • The abuse of CAPTCHA for evasion, which featured in 43% of all attacks.
  • Polymorphic techniques and the use of malicious QR codes, each seen in around 20% of attacks.
  • Malicious attachments, used in 18% of all attacks.
  • The abuse of trusted online platforms (seen in 10% of attacks) and the use of generative AI tools such as zero-code development sites (also 10%).

The main themes used for phishing emails are remarkably like previous years, although they have evolved with time thanks to the use of generative AI and other tools.

When Defences Need to Evolve as Well

In 2025, one in five (19%) phishing emails related to payment and invoices scams. Digital signature and document review emails accounted for 18% of attacks, with HR-related documents featuring in 13%. Many exploited trusted brand names, mimicking websites and logos with increasing accuracy.

“Phishing kits shifted up another level in 2025 as they increased in number and sophistication, bringing advanced, full-service attack platforms to even less-skilled cybercriminals and enabling them to launch powerful attacks at scale,” said Ashok, Sakthivel, Director, Software Engineering, at Barracuda. “The kits feature techniques designed to make it harder users and security teams to detect and prevent fraud. To stay protected, organisations need to move past static defences and adopt layered strategies: user training, phishing-resistant MFA, continuous monitoring, and to ensure email security sits at the heart of an integrated, end-to-end security strategy.”

Commenting, Mark Lukie, Director of Solution Architects at Barracuda, added: “Phishing remains a serious issue in Asia-Pacific and the findings of our Phishing Review of 2025 highlights just how quickly attackers are refining their methods. With MFA bypass and evasion techniques now commonplace, organisations need to reassess whether their existing controls are keeping pace and ensure they have visibility across the full attack lifecycle.”

Read the full blog: https://blog.barracuda.com/2026/01/07/threat-spotlight-phishing-kits-evolved-2025.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *