Summary: A new phishing-as-a-service platform, Lucid, has emerged, targeting 169 entities across 88 countries through advanced smishing techniques. Utilizing Apple iMessage and RCS, Lucid bypasses traditional anti-phishing measures, enabling significant increases in phishing success rates. This sophisticated model threatens financial security as it focuses primarily on harvesting credit card information and personally identifiable information (PII).
Affected: Organizations and individuals across Europe, the United Kingdom, and the United States
Keypoints :
- Lucid employs legitimate messaging platforms to evade detection, making phishing campaigns more effective.
- The platform is linked to a Chinese-speaking hacking group known as XinXin, which has also developed other PhaaS tools.
- Advanced anti-detection techniques utilized include real-time monitoring of victim interactions with phishing links and sophisticated domain rotation strategies.
Source: https://thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html