A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent over iMessage (iOS) and RCS (Android).

Platforms like Lucid lower the barrier to entry for cybercrime and guarantee a baseline quality of phishing lure, which raises the attackers' odds of success. Combined with an extensive and resilient infrastructure, this lets threat actors run mass-scale, highly organized phishing campaigns.

The threat group behind Lucid, tracked by Prodaft as XinXin, claims to send 100,000 smishing messages daily over Rich Communication Services (RCS) or Apple iMessage. Both channels are end-to-end encrypted, so the carrier-side spam filtering that catches bulk SMS never sees the message content, and the lures reach the handset unfiltered.

"The platform employs an automated attack delivery mechanism, deploying customizable phishing websites distributed primarily through SMS-based lures," explains Prodaft.

The mobile phishing messages typically impersonate shipping notices, tax alerts, or missed toll payments, with custom logos and branding, language matched to the target demographic, and geo-location filtering of victims so that only users in the intended region are served the lure. Victims who click the phishing links are redirected to fake landing pages impersonating state government toll and parking agencies or private entities, such as USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, HSBC, E-ZPass, SunPass, Transport for London, and more. The phishing pages are designed to steal personal and financial information, including full names, email addresses, physical addresses, and credit card details.

In a video shared by Prodaft, threat actors can be seen conducting phishing campaigns from moving cars, likely to improve their operational security and prevent law enforcement and mobile carriers from pinpointing their location.

Prodaft researchers note that XinXin has also been using the Darcula v3 platform for its operations, which indicates a potential connection between the two PhaaS platforms.
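The lure pattern described above (a named brand, a shipping/toll/tax pretext, and a link whose domain is not the brand's) is something a defender can triage mechanically. The following is an added example written for this page, not code from Prodaft or from the article: it extracts URLs from message text, reduces each to its registrable domain, and flags messages that name a brand but link somewhere else. The brand-to-domain allowlist, the lure keyword list, and the sample messages are all constructed for the example; a production version would use the full Public Suffix List rather than the small suffix table here.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist for this example: brand keyword -> registrable domains a
# defender trusts for that brand. This is an assumption, not a list from the report.
BRAND_DOMAINS = {
    "usps": {"usps.com"},
    "fedex": {"fedex.com"},
    "dhl": {"dhl.com"},
    "royal mail": {"royalmail.com"},
    "amazon": {"amazon.com", "amazon.co.uk"},
    "revolut": {"revolut.com"},
    "tfl": {"tfl.gov.uk"},
    "e-zpass": set(),   # many state operators; treat every E-ZPass link as unverified
    "sunpass": {"sunpass.com"},
}

# Pretext vocabulary for the themes the article names: shipping, tax, tolls, parking.
LURE_WORDS = re.compile(
    r"\b(toll|parking|package|parcel|delivery|redeliver\w*|customs|tax|refund|"
    r"penalty|overdue|unpaid)\b",
    re.IGNORECASE,
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Minimal two-label public suffixes so "tfl.gov.uk" is not reduced to "gov.uk".
# Production code would consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "gov.uk", "org.uk", "com.au", "co.jp"}


def registrable_domain(url: str) -> str:
    """Reduce a URL to the domain an attacker actually had to register."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage(message: str) -> dict:
    """Classify one message as smishing / suspicious / brand-link-ok / benign."""
    text = message.lower()
    brands = [b for b in BRAND_DOMAINS if b in text]
    domains = [registrable_domain(u) for u in URL_RE.findall(message)]
    lure = bool(LURE_WORDS.search(message))

    # Domains trusted for the brands this message names (empty if none named).
    trusted = set().union(*(BRAND_DOMAINS[b] for b in brands))
    mismatched = [d for d in domains if d not in trusted]

    if brands and mismatched:
        verdict = "smishing"        # brand named, link points off-brand
    elif lure and domains and not brands:
        verdict = "suspicious"      # pretext plus link, no recognisable brand
    elif brands and domains:
        verdict = "brand-link-ok"   # brand named, link on its own domain
    else:
        verdict = "benign"
    return {"brands": brands, "domains": domains, "lure": lure,
            "mismatched": mismatched, "verdict": verdict}


def triage_all(messages):
    return [triage(m) for m in messages]


# Constructed sample messages for this example; none are real captured lures.
SAMPLE_MESSAGES = [
    "USPS: your package is held at our facility due to an incomplete address. "
    "Update your details within 24 hours: https://usps-redelivery-track.com/u/8f2",
    "E-ZPass final notice: your toll balance is overdue. Pay now to avoid a penalty: "
    "https://ezpass-payment.com-secure.xyz/pay",
    "TfL: you have an unpaid Congestion Charge. Pay at "
    "https://tfl.gov.uk/modes/driving/pay-to-drive-in-london",
    "Reminder: your parking session ends in 15 min. Extend: http://park-city-pay.top/x",
    "Running late, start dinner without me. https://maps.google.com/?q=home",
]

if __name__ == "__main__":
    for msg, result in zip(SAMPLE_MESSAGES, triage_all(SAMPLE_MESSAGES)):
        print(f"{result['verdict']:14} {result['domains']}  <- {msg[:60]}...")
```

The brand-versus-domain mismatch is the signal that survives the platform's customization: logos, language and geo-filtering change per campaign, but a USPS lure still has to link to a domain the operator registered, not to usps.com. The "suspicious" bucket exists because Lucid's templates impersonate many regional agencies that no short allowlist will cover, so a toll or parking pretext with a link is worth a human look even when no known brand is named.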
Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 31 Mar 2025 18:50:03 +0000