New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections

A sophisticated new phishing platform named Lucid has emerged as a significant cybersecurity threat, targeting 169 entities across 88 countries globally. Developed by Chinese-speaking threat actors, this Phishing-as-a-Service (PhAAS) platform operates through 129 active instances and over 1,000 registered domains. The platform operates on a subscription-based model, enabling cybercriminals to conduct large-scale phishing campaigns with minimal effort.

The platform employs an automated attack delivery mechanism that deploys customizable phishing websites, primarily distributed through SMS-based lures that mimic legitimate organizations such as postal services, courier companies, and toll payment systems. What sets Lucid apart from conventional phishing operations is its innovative use of Apple's iMessage and Android's Rich Communication Services (RCS) to circumvent traditional SMS spam filters. By leveraging these protocols, Lucid significantly increases delivery success rates and effectively bypasses security measures that would typically identify and block malicious SMS messages. When victims click on embedded links, they're redirected to convincingly crafted phishing pages designed to harvest sensitive information.

Catalyst researchers noted that the platform incorporates advanced anti-detection and evasion techniques, such as IP blocking and user-agent filtering, to prolong the lifespan of its phishing sites. The platform implements measures to block connections from unintended IP addresses or when users attempt to access domains directly rather than through shortened URLs. The panel automatically generates domains and interfaces tailored to specific phishing templates, with customizations based on victims' IP addresses for location-specific targeting. The platform's configuration code sets language settings, domain parameters, and regional targeting while maintaining flexibility for various phishing scenarios.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 28 Mar 2025 09:10:15 +0000

