Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks

Summary: A phishing-as-a-service (PhaaS) platform named ‘Lucid’ has emerged, targeting 169 entities across 88 countries through sophisticated phishing messages sent via iMessage and RCS. Operated by the XinXin group, this platform enables other cybercriminals to access over 1,000 phishing domains and tools through a subscription model. The operation employs advanced technology to bypass traditional spam filters, making it highly effective and cost-efficient.

Affected: Global entities, including government agencies and financial institutions

Key points:

  • Lucid sends approximately 100,000 smishing messages daily using end-to-end encrypted channels like iMessage and RCS.
  • The platform sells subscriptions through a dedicated Telegram channel, offering access to customizable phishing websites and advanced spamming tools.
  • Phishing campaigns impersonate reputable entities to steal personal and financial information, utilizing large-scale device farms for message delivery.
  • Lucid incorporates a built-in credit card validator for stolen cards, increasing the threat to financial security and facilitating further cybercrime.
  • To evade detection, threat actors conduct campaigns from moving vehicles, aiming to boost operational security and avoid law enforcement tracking.

Source: https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks/