March 31, 2025 By Bill Toulas
A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android).
Lucid, which has been operated by Chinese cybercriminals known as the 'XinXin group' since mid-2023, is sold to other threat actors via a subscription-based model that gives them access to over 1,000 phishing domains, tailored auto-generated phishing sites, and pro-grade spamming tools.
Prodaft researchers note that XinXin has also been using the Darcula v3 platform for its operations, which indicates a potential connection between the two PhaaS platforms.
Subscriptions to Lucid are sold via a dedicated Telegram channel (2,000 members), and customers are granted access via licenses on a weekly basis.
