Smart Device Trend

Cybercriminals Offer Access to 'Lucid' Phishing Platform to Target iPhone, Android Phones in 88 Countries

Apr 03, 2025 by admin

Lucid offers phishing websites with validation tools for collected credit card details

Highlights
  • Chinese cybercriminals are offering access to Lucid, a phishing platform
  • The service allows anyone to operate a phishing campaign
  • Fake phishing messages sent via Lucid ask for toll and parking charges

Cybercriminals are using massive device farms that comprise iPhone and Android smartphones in order to send phishing messages to users in 88 countries, according to security researchers. The 'Lucid' phishing-as-a-service (PhaaS) platform is designed to deliver messages via iMessage and rich communication services (RCS) chats, with links that lead to phishing websites. These messages are capable of evading typical SMS spam filters due to end-to-end encryption (E2EE). The cybercriminals are also selling licences to use the Lucid platform via a Telegram channel.

Lucid Platform Claimed to Deliver Over 100,000 Messages Every Day

Unlike regular SMS, messages are delivered to users via iMessage or RCS on iPhone and Android smartphones, respectively. As these are E2EE messaging services, the messages have a higher delivery rate than SMS phishing messages, according to Prodaft's report. These messages are also cheaper than SMS, as there are no operator charges.


One of the alleged device farms used to send texts via iMessage
Photo Credit: Prodaft

 

In order to deliver a high volume of messages via iMessage, Lucid uses large iOS device farms that use rotating, temporary Apple IDs. On the other hand, the cybercriminals use "carrier implementation inconsistencies in sender verification" to send RCS messages to unsuspecting users. 


The messages are designed to convince users to click on a phishing link, which leads to one of several phishing websites set up on over 1,000 domains owned by the threat actors. For example, some messages prompt users to complete fake toll payments, in order to avoid fines. On iMessage, recipients are even asked to respond, as links are disabled in new texts from unknown senders.

The ready-to-use phishing websites allow cybercriminals to collect people's details, including their credit card information. They can then use a validator to verify whether the card details are valid, before using or selling the information.

Lucid is operated as a PhaaS platform by a Chinese group known as XinXin, according to the researchers. Access to the platform is sold on a weekly basis via a Telegram channel. The group is believed to be behind other platforms such as Darcula and Lighthouse, which also offer similar PhaaS functionality.


In order to stay safe from these phishing attacks, users should refrain from clicking on links in messages received from unknown users. When in doubt about the authenticity of a message, users can contact the sender by looking up the official contact details online, or log in to a service that they use and check for pending payments.

David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima.