Lucid Nightmares: Phishing-as-a-Service Strikes 169 Entities Worldwide!
Lucid’s phishing-as-a-service platform is giving cybercriminals a masterclass in dodging detection. By weaponizing Apple iMessage and Android’s RCS, Lucid bypasses traditional SMS filters, delivering smishing messages with precision. Meanwhile, the XinXin group is turning phishing into a subscription service, proving that if cybercrime is an art, they’re the Monet of mischief.
Hot Take:
Looks like we’re living in the golden age of phishing! Why put effort into earning an honest living when you can subscribe to a service, go fishing for people’s credit card details, and maybe even catch a whale or two? Lucid’s making it easier than ever to be a ‘successful’ criminal without even leaving the comfort of your parent’s basement.
Key Points:
- Lucid is a sophisticated phishing-as-a-service (PhaaS) platform targeting 169 entities in 88 countries.
- It exploits Apple iMessage and Android RCS to bypass traditional SMS spam filters, increasing delivery success.
- The platform is linked to the Chinese-speaking hacking crew, XinXin group, aiming to steal financial data.
- Lucid shares tactics and templates with other PhaaS platforms like Lighthouse and Darcula.
- Phishing campaigns often impersonate legitimate services to trick victims into sharing sensitive information.
Already a member? Log in here