

Ethical Hacking News

The Lucid Phishing Scam: A Sophisticated Attack on iOS and Android Users


Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks; Lucid offers subscription-based model with access to 1,000 phishing domains and pro-grade spamming tools. The attack targets users across 88 countries, utilizing end-to-end encrypted messaging platforms like iMessage and RCS.

  • A sophisticated phishing-as-a-service (PhaaS) platform named 'Lucid' has been identified as the platform behind a recent wave of targeted SMS attacks on iOS and Android users across 88 countries.
  • Lucid offers a subscription-based model that grants access to over 1,000 phishing domains, tailored auto-generated phishing sites, and pro-grade spamming tools.
  • The Lucid platform uses well-crafted messages sent on iMessage (iOS) and RCS (Android), which are end-to-end encrypted and allow attackers to bypass traditional SMS spam filters.
  • Lucid's automated attack delivery mechanism deploys customizable phishing websites distributed primarily through SMS-based lures, utilizing large-scale iOS and Android device farms.
  • The platform is used by Chinese cybercriminals known as the 'XinXin group' and allows threat actors to launch highly effective and targeted phishing campaigns.
  • Users are most exposed when they act on messages received on their devices, particularly those urging them to follow embedded links or reply to the message.



  • Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks


    By Bill Toulas


    March 31, 2025
    02:49 PM




    A sophisticated phishing-as-a-service (PhaaS) platform named 'Lucid' has been identified as the platform behind a recent wave of targeted SMS attacks on iOS and Android users across 88 countries. According to reports by Prodaft researchers, Lucid has been operating under the radar since mid-2023, with its malicious activities only recently gaining mainstream attention.


    Lucid, which is allegedly operated by Chinese cybercriminals known as the 'XinXin group', offers a subscription-based model that grants access to over 1,000 phishing domains, tailored auto-generated phishing sites, and pro-grade spamming tools. This elaborate setup allows threat actors to launch highly effective and targeted phishing campaigns.


    The Lucid platform is notable for its use of well-crafted messages sent on iMessage (iOS) and RCS (Android), which are end-to-end encrypted and allow the attackers to bypass traditional SMS spam filters. According to Prodaft, Lucid's automated attack delivery mechanism deploys customizable phishing websites distributed primarily through SMS-based lures.


    To further enhance the effectiveness of their operation, Lucid operators utilize large-scale iOS and Android device farms to send text messages. For iMessage, Lucid uses temporary Apple IDs, while for RCS, they exploit carrier-specific implementation flaws in sender validation.


    The mobile phishing messages sent by Lucid typically impersonate shipping, tax alerts, or missed toll payments, featuring custom logos/branding, the appropriate language to match the target demographic, and geo-location victim filtering. When victims click on these phishing links, they are redirected to fake landing pages impersonating state government toll and parking agencies or private entities.


    These phishing pages are designed to steal personal and financial information, including full names, email addresses, physical addresses, and credit card details. The platform also includes a built-in credit card validator that allows actors to test the stolen cards, with valid cards then being sold to other cybercriminals or used directly for fraud.


    The Lucid phishing operation is noteworthy not only for its technical sophistication but also for the fact that it represents a prime example of how PhaaS platforms can be utilized by threat actors to carry out mass-scale and highly organized attacks. The fact that subscriptions are sold via a dedicated Telegram channel, with customers granted access on a weekly basis, highlights the ease and accessibility of these services.


    As security experts stress, platforms like Lucid significantly lower the barrier to entry for cybercrime operations and give attackers a baseline level of quality in their phishing attempts, which increases their chances of success. When combined with an extensive and resilient infrastructure, threat actors can leverage such tools to perform highly organized and mass-scale phishing campaigns.


    To avoid falling prey to this type of attack, security experts advise users to be vigilant when receiving messages on their devices, particularly those urging them to follow embedded links or reply to the message. Instead, they recommend logging in directly to the actual service and checking for pending alerts or bills.
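    As an added illustration (not code from the article or from Prodaft), the lure traits described above, a shipping, tax or toll theme combined with an embedded link or a reply prompt, can be turned into a simple triage check for text messages that users report. The keyword sets, the allowlisted hosts and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Lure themes named in the article; the keyword sets are assumptions.
THEMES = {
    "shipping": {"parcel", "package", "delivery", "shipment"},
    "tax": {"tax", "refund", "revenue"},
    "toll": {"toll", "parking", "unpaid"},
}
# Hypothetical allowlist of hosts the organisation treats as official.
OFFICIAL_HOSTS = {"tolls.example.gov", "post.example.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_official(host):
    """Exact host or a true subdomain; a look-alike prefix does not count."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_HOSTS)


def triage(message):
    """Score one reported text message against the lure traits in the article."""
    words = set(re.findall(r"[a-z]+", message.lower()))
    themes = [name for name, keys in THEMES.items() if words & keys]
    hosts = []
    for url in URL_RE.findall(message):
        try:
            host = (urlparse(url.rstrip(".,;:!?)")).hostname or "").rstrip(".")
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            continue
        if host and not is_official(host) and host not in hosts:
            hosts.append(host)
    reply_prompt = "reply" in words
    verdict = ("suspicious" if themes and (hosts or reply_prompt)
               else "review" if hosts else "no_signal")
    return {"themes": themes, "unofficial_hosts": hosts,
            "reply_prompt": reply_prompt, "verdict": verdict}


# Constructed sample messages, not taken from any real campaign.
SAMPLES = [
    "Your toll balance is unpaid. Pay at https://tolls.example.gov.pay-now.example/bill today.",
    "Your package could not be delivered. Reply Y to receive the link.",
    "Your parcel is out for delivery: https://post.example.com/track/123",
    "Lunch at noon?",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text)["verdict"], "|", text)
```

    The first sample shows why the host comparison is done on the full name: the official host appears only as a prefix of the attacker-style domain, so it is not treated as official.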


    In conclusion, the Lucid phishing scam represents a concerning development in the ever-evolving world of cybercrime. As users become increasingly reliant on their mobile devices, it is essential that security measures are put in place to protect against such sophisticated threats.





    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Lucid-Phishing-Scam-A-Sophisticated-Attack-on-iOS-and-Android-Users-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks/

  • https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/

  • https://gbhackers.com/uat-5918-hackers-exploit-n-day-vulnerabilities/


  • Published: Mon Mar 31 14:23:33 2025 by llama3.2 3B Q4_K_M












