Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
Published on: 2025-05-22 10:49:00
A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android).
Lucid, which has been operated by Chinese cybercriminals known as the 'XinXin group' since mid-2023, is sold to other threat actors via a subscription-based model that gives them access to over 1,000 phishing domains, tailored auto-generated phishing sites, and pro-grade spamming tools.
Prodaft researchers note that XinXin has also been using the Darcula v3 platform for its operations, which indicates a potential connection between the two PhaaS platforms.
Subscriptions to Lucid are sold via a dedicated Telegram channel (2,000 members), and customers are granted access via licenses on a weekly basis.
Massive phishing operation
The threat group claims to send 100,000 smishing messages daily via Rich Communication Services (RCS) or Apple iMessage, which are end-to-end encrypted, allowing them to evade spam filter
...