A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.
Lucid’s unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.
“Its scalable, subscription-based model enables cybercriminals to conduct large-scale phishing campaigns to harvest credit card details for financial fraud,” Swiss cybersecurity company PRODAFT said in a technical report shared with The Hacker News.
“Lucid leverages Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates.”
Lucid is assessed to be the work of a Chinese-speaking hacking crew called the XinXin group (aka Black Technology), with the phishing campaigns mainly targeting Europe, the United Kingdom, and the United States with an…
