Ethical Hacking News
A new phishing-as-a-service (PhaaS) platform called Lucid has been identified as the mastermind behind a massive global attack, targeting 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. With its sophisticated phishing tactics and high success rates, Lucid poses a significant threat to global financial security, requiring immediate action from financial institutions and cybersecurity experts.
Lucid has been identified as the platform behind a massive global attack targeting 169 entities in 88 countries. Its unique selling point lies in its ability to weaponize legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. The threat actors behind it are assessed to be skilled cybercriminals who have also developed other PhaaS platforms, including Lighthouse and Darcula. Lucid's operators impersonate various services, using convincing phishing templates to deceive victims into handing over sensitive information. The platform evades iMessage and RCS filtering with "please reply with Y" prompts and by rotating sending domains and numbers. The Lucid PhaaS panel reveals a highly organized and interconnected ecosystem of phishing-as-a-service platforms run by Chinese-speaking threat actors. Financial institutions and cybersecurity experts must act immediately to protect themselves against Lucid and similar PhaaS platforms.
In a recent revelation that has left cybersecurity experts and financial institutions on high alert, a sophisticated phishing-as-a-service (PhaaS) platform called Lucid has been identified as the mastermind behind a massive global attack. The platform, which is believed to be operated by a Chinese-speaking hacking crew known as the XinXin group, has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.
According to Swiss cybersecurity company PRODAFT, Lucid's unique selling point lies in its ability to weaponize legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. This allows the platform to conduct large-scale phishing campaigns with high success rates, making it an attractive option for threat actors looking to harvest credit card details for financial fraud.
The threat actors behind Lucid are assessed to be a group of skilled cybercriminals who have developed a range of PhaaS platforms, including Lighthouse and Darcula. These platforms share overlaps in templates, target pools, and tactics, suggesting a flourishing underground economy where Chinese-speaking actors are leveraging Telegram to advertise their services on a subscription basis.
The phishing campaigns conducted by Lucid's operators have been found to impersonate postal services, courier companies, toll payment systems, and tax refund agencies, employing convincing phishing templates to deceive victims into providing sensitive information. These campaigns have been powered on the backend via iPhone device farms and mobile device emulators running on Windows systems, which can send hundreds of thousands of scam messages containing bogus links in a coordinated fashion.
iMessage restricts link clicking in messages from unknown senders; to get around this, Lucid's operators use "please reply with Y" prompts to establish two-way communication, after which the links in their messages become usable. For Google's RCS filtering, they constantly rotate sending domains and numbers to avoid pattern recognition. This level of sophistication suggests that the threat actors behind Lucid are highly organized and interconnected, with a strong understanding of the latest phishing tactics and technologies.
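As an added illustration, not code from the article or from PRODAFT's research, the following Python sketch shows how a defender might flag the two behaviours described above in a feed of collected messages: the "reply with Y" lure, and one lure template reappearing across rotated sending numbers and link domains. All sample messages, numbers and domains below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample smishing texts (not from the article): (sender, text).
SAMPLES = [
    ("+15550001111", "USPS: your parcel is held. Please reply with Y, then open https://usps-track.example-a.top/p/1"),
    ("+15550002222", "USPS: your parcel is held. Please reply with Y, then open https://usps-track.example-b.shop/p/9"),
    ("+15550003333", "USPS: your parcel is held. Please reply with Y, then open https://usps-track.example-c.xyz/p/4"),
    ("+15550004444", "Toll notice: unpaid balance. Pay now at https://tollpay.example-d.vip/b/7"),
    ("+15550005555", "Hi, are we still on for lunch at 12?"),
]

REPLY_LURE = re.compile(r"\breply\s+(?:with\s+)?y\b", re.I)   # "please reply with Y"
URL = re.compile(r"https?://([^\s/]+)", re.I)                # captures the host part
IMPERSONATED = ("usps", "postal", "parcel", "courier", "toll", "tax refund")  # themes named in the article

def flags_for(text):
    """Per-message indicators drawn from the behaviours the article describes."""
    low = text.lower()
    flags = []
    if REPLY_LURE.search(text):
        flags.append("reply-y lure")
    if any(term in low for term in IMPERSONATED) and URL.search(text):
        flags.append("service impersonation with link")
    return flags

def template_key(text):
    """Normalise a message so the same lure with a rotated domain or number collapses to one key."""
    return re.sub(r"\d+", "#", URL.sub("<url>", text)).strip().lower()

def analyze(samples, rotation_threshold=3):
    """Return per-message flags and the lure templates seen with rotated senders or domains."""
    clusters = defaultdict(lambda: {"senders": set(), "domains": set()})
    results = []
    for sender, text in samples:
        flags = flags_for(text)
        if flags:
            key = template_key(text)
            clusters[key]["senders"].add(sender)
            clusters[key]["domains"].update(h.lower() for h in URL.findall(text))
        results.append((sender, flags))
    rotated = {k: v for k, v in clusters.items()
               if len(v["domains"]) >= rotation_threshold or len(v["senders"]) >= rotation_threshold}
    return results, rotated

if __name__ == "__main__":
    per_message, rotated = analyze(SAMPLES)
    for sender, flags in per_message:
        print(sender, flags)
    for key, c in rotated.items():
        print("rotated template:", key, "| senders:", len(c["senders"]), "| domains:", sorted(c["domains"]))
```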
The Lucid PhaaS panel has revealed a highly organized and interconnected ecosystem of phishing-as-a-service platforms operated by Chinese-speaking threat actors, primarily under the XinXin group. This finding is significant, as it highlights the growing threat posed by these types of platforms, which can be used to conduct large-scale phishing attacks with high success rates.
The development comes as Barracuda warned of a "massive spike" in PhaaS attacks in early 2025 using Tycoon 2FA, EvilProxy, and Sneaky 2FA, with each service accounting for 89%, 8%, and 3% of all the PhaaS incidents, respectively. This suggests that the threat landscape is becoming increasingly complex and evasive, making it harder for traditional security tools to detect and respond to phishing attacks.
"Phishing emails are the gateway for many attacks, from credential theft to financial fraud, ransomware, and more," said Deerendra Prasad, a security researcher at Barracuda. "The platforms that power phishing-as-a-service are increasingly complex and evasive, making phishing attacks both harder for traditional security tools to detect and more powerful in terms of the damage they can do."
In light of these findings, financial institutions and cybersecurity experts must take immediate action to protect themselves against the threat posed by Lucid and similar PhaaS platforms. This includes implementing robust security measures, such as multi-factor authentication, email encryption, and AI-powered phishing detection tools.
Furthermore, there is a growing need for collaboration and information-sharing between governments, financial institutions, and cybersecurity experts to combat this type of threat. By working together, we can stay one step ahead of these sophisticated threat actors and protect the global financial security that we all rely on.
Related Information:
https://www.ethicalhackingnews.com/articles/Phishing-As-A-Service-Platform-Lucid-Exposed-A-Threat-to-Global-Financial-Security-ehn.shtml
Published: Tue Apr 1 11:06:33 2025 by llama3.2 3B Q4_K_M