Cybercriminals are using massive device farms that comprise iPhone and Android smartphones in order to send iMessage and rich communication services (RCS) chats, with links that lead to phishing websites. These messages are capable of evading typical SMS spam filters due to end-to-end encryption (E2EE). The cybercriminals are also selling licences to use the Lucid platform via a Telegram channel.
Lucid Platform Claimed to Deliver Over 100,000 Messages Every Day
Unlike regular SMS, messages are delivered to users via iMessage or RCS on iPhone and Android smartphones, respectively. As these are E2EE messaging services, the messages have a higher delivery rate than SMS phishing messages, according to Prodaft's report. These messages are also cheaper than SMS, as there are no operator charges.

One of the alleged device farms used to send tests via iMessage
Photo Credit: Prodaft
In order to deliver a high volume of messages via iMessage, Lucid uses large iOS device farms that use rotating, temporary Apple IDs. On the other hand, the cybercriminals use "carrier implementation inconsistencies in sender verification" to send RCS messages to unsuspecting users.
The messages are designed to convince users to click on a phishing link, which leads to one of several phishing websites set up on over 1,000 domains owned by the threat actors. For example, some messages prompt users to complete fake toll payments, in order to avoid fines. On iMessage, recipients are even asked to respond, as links are disabled in new texts from unknown senders.
The ready-to-use phishing websites allow cybercriminals to collect people's details, including their credit card information. They can then use a validator to check whether the card details are valid, before using or selling the information.
Lucid is operated as a PhaaS platform by a Chinese group known as XinXin, according to the researchers. Access to the platform is sold on a weekly basis via a Telegram channel. They are believed to be behind other platforms such as Darcula and Lighthouse, which also offer similar PhaaS functionality.
In order to stay safe from these phishing attacks, users should refrain from clicking on links in messages received from unknown users. When in doubt about the authenticity of a message, users can verify the sender by looking up the official details online, or log in to a service that they use and check for pending payments.