A sophisticated Phishing-as-a-Service (PhAAS) platform called Lucid, operated by Chinese-speaking threat actors, has emerged as a significant cybersecurity threat.
Developed by the XinXin group, Lucid facilitates large-scale phishing campaigns targeting 169 entities across 88 countries.
The platform exploits advanced messaging protocols like Rich Communication Services (RCS) and Apple’s iMessage to circumvent traditional SMS-based detection mechanisms.
Lucid’s infrastructure comprises 129 active instances and over 1,000 registered domains, positioning it among prominent PhAAS platforms.
The service employs an automated attack delivery mechanism, deploying customizable phishing websites primarily distributed through SMS-based lures.
By leveraging Apple iMessage and Android’s RCS technology, Lucid bypasses conventional SMS spam filters, significantly increasing delivery and success rates of phishing attempts.

Advanced Evasion Techniques and Monetization
Lucid incorporates sophisticated anti-detection and evasion techniques, including IP blocking and user-agent filtering, to extend the lifespan of its phishing sites.
The platform features a built-in card generator, enabling threat actors to efficiently validate and exploit stolen payment data.
According to the report, this combination of advanced infrastructure and persistent activity underscores the growing reliance on PhAAS platforms to facilitate payment fraud and financial cybercrime.
The XinXin group, responsible for Lucid’s development, operates within a structured hierarchy of administrators, employees, and guests.
Key figures such as LARVA-242 (changqixinyun) serve as developers and administrators, while others like LARVA-244 (ladeng999888) and LARVA-245 (daxiong199708) provide customer support.
The group not only utilizes these tools for their own campaigns but also monetizes them by selling access through Telegram channels.
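The user-agent filtering described above (serving a decoy to scanners and the real lure only to phones) can be checked for from the defender's side by fetching a suspect URL under several User-Agent strings and comparing the responses. The following is an added example, not code from the report or from Lucid; the cloaking web server is a constructed local mock standing in for a suspect page, and the User-Agent strings are illustrative.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Constructed User-Agent profiles: one that looks like a phone, one that looks like a scanner.
MOBILE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148"
SCANNER_UA = "Mozilla/5.0 (X11; Linux x86_64) url-scanner/1.0"


class CloakingHandler(http.server.BaseHTTPRequestHandler):
    """Constructed mock of a cloaked phishing page: real content for phones, a 404 decoy for others."""

    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        is_phone = "iPhone" in ua or "Android" in ua
        status, body = (200, b"<h1>Enter your card details</h1>") if is_phone else (404, b"<h1>Not found</h1>")
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def fetch(url, user_agent):
    """Return (status, body) for url fetched with the given User-Agent; HTTP errors are data, not failures."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def detect_ua_cloaking(url, profiles):
    """Fetch url once per profile; flag cloaking when the responses differ by status or body."""
    results = {name: fetch(url, ua) for name, ua in profiles.items()}
    return len(set(results.values())) > 1, results


def run_demo():
    """Start the mock on a free local port, probe it, and return (cloaked?, {profile: status})."""
    server = http.server.HTTPServer(("127.0.0.1", 0), CloakingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_address[1]}/"
        cloaked, results = detect_ua_cloaking(url, {"mobile": MOBILE_UA, "scanner": SCANNER_UA})
        return cloaked, {name: status for name, (status, _) in results.items()}
    finally:
        server.shutdown()
        server.server_close()
```

A real scanner would add several device profiles and compare normalised bodies, since a divergence between what a phone sees and what an analyst's tooling sees is itself a strong signal.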

Ecosystem of Interconnected PhAAS Platforms
Lucid is part of a broader ecosystem of PhAAS platforms, including Darcula and Lighthouse, which share similar features, templates, and targeting patterns.
This interconnectedness highlights a unified threat landscape driven by Chinese-speaking actors, who are introducing innovative and cost-effective systems to target larger user bases with sophisticated services.
The global reach and technical sophistication of Lucid and its associated platforms pose significant challenges to cybersecurity defenses.
As these PhAAS services continue to evolve, understanding their dynamics and enhancing detection mechanisms will be crucial in mitigating their impact on organizations and individuals worldwide.