Cybercriminals Offer Access to ‘Lucid’ Phishing Platform to Target iPhone, Android Phones in 88 Countries


Cybercriminals are using large device farms made up of iPhone and Android smartphones to send phishing messages to users in 88 countries, according to security researchers. The ‘Lucid’ phishing-as-a-service (PhaaS) platform is designed to send messages via iMessage and rich communication services (RCS) chats, with links that lead to phishing websites. These messages are able to evade typical SMS spam filters due to end-to-end encryption (E2EE). The cybercriminals are also selling licences to use the Lucid platform via a Telegram channel.

Lucid Platform Claimed to Deliver Over 100,000 Messages Every Day

Unlike regular SMS, messages are delivered to users via iMessage or RCS on iPhone and Android smartphones, respectively. As these are E2EE messaging services, the messages have a higher delivery rate than SMS phishing messages, according to Prodaft’s report. These messages are also cheaper than SMS, as there are no operator charges.


One of the alleged device farms used to send texts via iMessage
Photo Credit: Prodaft

 

In order to send a high volume of messages via iMessage, Lucid uses large iOS device farms that use rotating, temporary Apple IDs. On the other hand, the cybercriminals use “carrier implementation inconsistencies in sender verification” to send RCS messages to unsuspecting users.

The messages are designed to convince users to click on a phishing link, which leads to one of several phishing websites set up on over 1,000 domains owned by the threat actors. For example, some messages prompt users to complete fake toll payments in order to avoid fines. On iMessage, recipients are even asked to reply, as links are disabled in new texts from unknown senders.

The ready-to-use phishing websites allow cybercriminals to collect people’s details, including their credit card information. They can then use a validator to verify whether the card details are valid, before using or selling the information.

Lucid is operated as a PhaaS platform by a Chinese group called XinXin, according to the researchers. Access to the platform is offered on a weekly basis via a Telegram channel. The group is believed to be behind other platforms such as Darcula and Lighthouse, which also offer similar PhaaS functionality.

In order to stay safe from these phishing attacks, users should refrain from clicking on links in messages received from unknown users. When in doubt about the authenticity of a message, users can contact the sender by looking up the official contact details online, or log in to a service that they use and check for pending payments.
