Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

The Hacker News by The Hacker News
April 1, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.

Lucid’s unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.

“Its scalable, subscription-based model enables cybercriminals to conduct large-scale phishing campaigns to harvest credit card details for financial fraud,” Swiss cybersecurity company PRODAFT said in a technical report shared with The Hacker News.

“Lucid leverages Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates.”

Lucid is assessed to be the work of a Chinese-speaking hacking crew called the XinXin group (aka Black Technology), with the phishing campaigns mainly targeting Europe, the United Kingdom, and the United States with an intent to steal credit card data and personally identifiable information (PII).

Cybersecurity

The threat actors behind the service, more importantly, have developed other PhaaS platforms like Lighthouse and Darcula, the latter of which has been updated with capabilities to clone any brand’s website to create a phishing version. The developer of Lucid is a threat actor codenamed LARVA-242, who is also a key figure in the XinXin group.

All three PhaaS platforms share overlaps in templates, target pools, and tactics, alluding to a flourishing underground economy where Chinese-speaking actors are leveraging Telegram to advertise their warez on a subscription basis for profit-driven motives.

Phishing campaigns relying on these services have been found to impersonate postal services, courier companies, toll payment systems, and tax refund agencies, employing convincing phishing templates to deceive victims into providing sensitive information.

The large-scale activities are powered on the backend via iPhone device farms and mobile device emulators running on Windows systems to send hundreds of thousands of scam messages containing bogus links in a coordinated fashion. The phone numbers to be targeted are acquired through various methods such as data breaches and cybercrime forums.

“For iMessage’s link-clicking restrictions, they employ ‘please reply with Y’ techniques to establish two-way communication,” PRODAFT explained. “For Google’s RCS filtering, they constantly rotate sending domains/numbers to avoid pattern recognition.”

iMessage and RCS Smishing

“For iMessage, this involves creating temporary Apple IDs with impersonated display names, while RCS exploitation leverages carrier implementation inconsistencies in sender verification.”

Besides offering automation tools that simplify the creation of customizable phishing websites, the pages themselves incorporate advanced anti-detection and evasion techniques like IP blocking, user-agent filtering, and time-limited single-use URLs.

Lucid also supports the ability to monitor victim activity and record every single interaction with the phishing links in real-time via a panel, allowing its customers to extract the entered information. Credit card details submitted by victims are subjected to additional verification steps. The panel is built using the open-source Webman PHP framework.

“The Lucid PhaaS panel has revealed a highly organized and interconnected ecosystem of phishing-as-a-service platforms operated by Chinese-speaking threat actors, primarily under the XinXin group,” the company said.

“The XinXin group develops and utilizes these tools and profits from selling stolen credit card information while actively monitoring and supporting the development of similar PhaaS services.”

Cybersecurity

It’s worth noting that the findings from PRODAFT mirror that of Palo Alto Networks Unit 42, which recently called out unspecified threat actors for utilizing the domain pattern “com-” to register over 10,000 domains for propagating various SMS phishing scams via Apple iMessage.

The development comes as Barracuda warned of a “massive spike” in PhaaS attacks in early 2025 using Tycoon 2FA, EvilProxy, and Sneaky 2FA, with each service accounting for 89%, 8%, and 3% of all the PhaaS incidents, respectively.

“Phishing emails are the gateway for many attacks, from credential theft to financial fraud, ransomware, and more,” Barracuda security researcher Deerendra Prasad said. “The platforms that power phishing-as-a-service are increasingly complex and evasive, making phishing attacks both harder for traditional security tools to detect and more powerful in terms of the damage they can do.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Thumzup Media Corporation Continues Growth Trajectory, Surpasses 800 Advertisers with a CAGR of 243%

Thumzup Media Corporation Continues Growth Trajectory, Surpasses 800 Advertisers with a CAGR of 243%

Recommended.

What the Discover merger approval means for Capital One and 2 other financials

What the Discover merger approval means for Capital One and 2 other financials

April 21, 2025
30 Notable IT Executive Moves: July 2025

30 Notable IT Executive Moves: July 2025

August 11, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026
AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

January 30, 2026
Anthropic’s 5 Huge Hires From OpenAI, Google, Microsoft And xAI In 2026

Anthropic’s 5 Huge Hires From OpenAI, Google, Microsoft And xAI In 2026

July 7, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio