New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections

The platform employs an automated attack delivery mechanism that deploys customizable phishing websites, primarily distributed through SMS-based lures that mimic legitimate organizations such as postal services, courier companies, and toll payment systems. A sophisticated new phishing platform named Lucid has emerged as a significant cybersecurity threat, targeting 169 entities across 88 countries globally. This code snippet demonstrates how the platform configures language settings, domain parameters, and regional targeting while maintaining flexibility for various phishing scenarios. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Catalyst researchers noted that the platform incorporates advanced anti-detection and evasion techniques, such as IP blocking and user-agent filtering, to prolong the lifespan of its phishing sites. What sets Lucid apart from conventional phishing operations is its innovative use of Apple’s iMessage and Android’s Rich Communication Services (RCS) to circumvent traditional SMS spam filters. The platform operates on a subscription-based model, enabling cybercriminals to conduct large-scale phishing campaigns with minimal effort. Developed by Chinese-speaking threat actors, this Phishing-as-a-Service (PhAAS) platform operates through 129 active instances and over 1,000 registered domains. By leveraging these protocols, Lucid significantly increases delivery success rates and effectively bypasses security measures that would typically identify and block malicious SMS messages. The panel automatically generates domains and interfaces tailored to specific phishing templates, with customizations based on victims’ IP addresses for location-specific targeting. The platform implements measures to block connections from unintended IP addresses or when users attempt to access domains directly rather than through shortened URLs. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. When victims click on embedded links, they’re redirected to convincingly crafted phishing pages designed to harvest sensitive information.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 28 Mar 2025 09:10:15 +0000

Cyber News related to New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections

What Apple's Promise to Support RCS Means for Text Messaging - RCS will thankfully bring a number of long-missing features to those green bubble conversations in Messages, but Apple's proposed implementation has a murkier future when it comes to security. The RCS standard will replace SMS, the protocol behind ...
1 year ago Eff.org

New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections - The platform employs an automated attack delivery mechanism that deploys customizable phishing websites, primarily distributed through SMS-based lures that mimic legitimate organizations such as postal services, courier companies, and toll payment ...
2 days ago Cybersecuritynews.com

CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago

Apple Adds RCS End-to-End Encryption for Sending Text Messages Using iPhone - This implementation ensures that messages and files remain confidential as they travel between clients, making RCS “the first large-scale messaging service to support interoperable E2EE between client implementations from different ...
1 week ago Cybersecuritynews.com

Apple Sets Trap to Catch iMessage Impersonators - Apple's latest iOS and macOS platform refresh came with a lot more than urgent security patches. The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors ...
1 year ago Securityweek.com

CVE-2018-14991 - The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile ...
5 years ago

CVE-2018-14990 - The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile ...
5 years ago

Apple Smashes Ban Hammer on Beeper iMessage Users - Apple has taken to banning Beeper's Android users from iMessage entirely. Tim's crew still claims Beeper is a threat to user security, but nobody's buying that excuse. Cofounder Eric Migicovsky has all but given up Beeper's game of Whac-A-Mole. In ...
1 year ago Securityboulevard.com

CVE-2006-3025 - Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are ...
16 years ago

Trulioo Launches Global Identity Platform for Person and Business Verification - Identity verification firm Trulioo on Tuesday launched a new global identity platform for Person and Business verification. Trulioo so far sold multiple identity products, each operating in their own silos. Their products and services range from ...
2 years ago Csoonline.com

CVE-2007-0228 - The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) ...
7 years ago

CVE-2022-36407 - Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual ...
1 year ago

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
5 months ago Wordfence.com Slug

Why It's More Important Than Ever to Align to The MITRE ATT&CK Framework - These missed attacks often stem from either hidden gaps in detection coverage - or due to alerts that got buried in a sea of noisy alerts and were never even pursued by the Security Operations Center team. In other words, we need to be able to report ...
1 year ago Cyberdefensemagazine.com APT28 FIN7 LAPSUS$ Lazarus Group

CVE-2019-13363 - admin.php?pagenotification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, ...
2 years ago

CVE-2023-52587 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

CVE-2020-28092 - PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?gTeam&mTask&amy&status3&id,?gTeam&mTask&amy&status0&id,?gTeam&mTask&amy&status1&id,?gTeam&mTask&amy&status10&id ...
4 years ago

CVE-2025-21881 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago

Cybercriminals continue targeting open remote access products - Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard. Medusa ransomware variant surges in Q3. Threat actors increasingly use ...
1 year ago Helpnetsecurity.com Medusa

Phishing-as-a-service operation uses DNS-over-HTTPS for evasion - Once the victim reaches the final destination, the phishing kit loads and queries the victim’s email domain’s MX record using DoH via Google or Cloudflare. When the victim clicks a link in a phishing email, the kit is loaded on their ...
2 days ago Bleepingcomputer.com

CVE-2018-7901 - RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious ...
5 years ago

East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com

'Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections - The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures. A previously undocumented hardware feature within Apple's iPhone System on a Chip allows for exploitation of ...
1 year ago Darkreading.com CVE-2023-41990 CVE-2023-32434 CVE-2023-38606 CVE-2023-32435

Strengthen, Unify and Simplify Cybersecurity Tools - Increasingly, security conscious enterprises are turning to platformization to drive better security outcomes and simplify operations. Smartphones, cloud, remote work, and now AI, all bring complexity to information security, yet they must be enabled ...
9 months ago Paloaltonetworks.com