A new, sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 legal entities in 88 countries with phishing messages distributed via Apple iMessage and Rich Communication Services (RCS) for Android.
Lucid's unique selling point lies in its weaponization of legitimate communication platforms to get around traditional SMS-based detection mechanisms.
“Its scalable model based on subscriptions allows cybercriminals to conduct large-scale phishing campaigns to collect credit card data for financial fraud,” Swiss cybersecurity company Prodaft said in a technical report shared with Hacker News.
“Lucid uses Apple iMessage and Android's RCS technology, bypassing traditional SMS filters and greatly increasing delivery and success rates.”
Lucid is assessed to be the work of a Chinese-speaking crew called the Xinxin group (aka Black Technology), with its phishing campaigns mainly targeting Europe, the United Kingdom and the United States to steal credit card data and personally identifiable information (PII).
More importantly, the actors behind the service have developed other PhaaS platforms such as Lighthouse and Darcula, the latter of which was updated with the ability to clone the website of any brand to create a phishing version. The developer of Lucid is a threat actor called LARVA-242, who is also a key figure in the Xinxin group.
All three PhaaS platforms overlap in templates, target pools and tactics, hinting at a flourishing underground economy where Chinese actors use Telegram to advertise their wares, driven by revenue motives.
Phishing campaigns relying on these services have been found to impersonate postal services, courier companies, payment systems and tax return agencies, using convincing phishing templates to trick victims into providing confidential information.
The large-scale activities are powered on the backend by iPhone device farms and mobile devices running on Windows systems, which send hundreds of thousands of scam messages containing bogus links in a coordinated manner. The phone numbers to be targeted are acquired through various methods such as data breaches and cybercrime forums.
“For iMessage's link restrictions, they employ ‘Please respond with Y’ prompts to establish a two-way connection,” Prodaft said. “For Google's RCS filtering, they constantly rotate domains/numbers to avoid image recognition.”
“For iMessage, this involves creating temporary Apple IDs with impersonated display names, while RCS exploitation leverages carrier gaps in sender verification.”
In addition to offering automation tools that simplify the creation of custom phishing sites, the pages themselves incorporate advanced anti-detection and evasion techniques such as IP blocking, user-agent filtering and time-limited single-use URLs.
Lucid also supports the ability to monitor victim activity and record every interaction with the phishing links in real time through the panel, allowing its customers to retrieve the information entered. Credit card details submitted by victims are subjected to an additional verification step. The panel is built using an open-source PHP framework.
“The Lucid PhaaS panel has revealed a highly organized and interconnected ecosystem of phishing-as-a-service platforms operated by Chinese-speaking threat actors, primarily under the Xinxin group,” the company said.
“The Xinxin group develops and uses these tools and profits from the sale of stolen credit card information, actively monitoring and maintaining the development of such PhaaS services.”
It is worth noting that Prodaft's findings mirror recent reporting that called out unspecified threat actors for using the “com-” domain pattern to register more than 10,000 domains for distributing various SMS phishing scams via Apple iMessage.
The development comes as Barracuda warned of a “massive spike” in PhaaS attacks in early 2025 using Tycoon 2FA, EvilProxy and Sneaky 2FA, with each service accounting for 89%, 8% and 3% of all PhaaS incidents, respectively.
“Phishing – Note. “The platforms that power phishing-as-a-service are becoming more sophisticated and evasive, making phishing harder for traditional security tools to detect and more powerful in the harm they can do.”