Phishing Attacks Are Evolving
Phishing campaigns have become more sophisticated than ever. A new threat platform called Lucid has targeted 169 organizations in 88 countries. It delivers smishing messages using Apple iMessage and Android RCS, avoiding traditional SMS spam filters.
Instead of relying on old-school methods, Lucid operates as a phishing-as-a-service (PhaaS) tool. This subscription-based model allows cybercriminals to launch phishing attacks at scale. According to a report, attackers use it to steal credit card details and personal data.
How Lucid Avoids Detection
Lucid is not your typical phishing tool. It sends scam messages over trusted communication platforms, iMessage and RCS, and its success rate is much higher as a result. These messages often appear legitimate, which makes them harder to detect.
The platform’s creators, part of a Chinese-speaking group known as XinXin, have built other PhaaS services as well. This shows a growing underground economy where threat actors buy and sell phishing tools. Many of these tools are advertised on Telegram.
Advanced Tactics and Tools
Lucid uses emulators and real devices to send scam messages in bulk. These campaigns are often fed by data leaks and lists purchased from cybercrime forums. For example, iMessage scams use fake Apple IDs and ask users to reply “Y” to bypass restrictions.
On RCS, scammers rotate numbers and domains to avoid being blocked. Each part of the process is designed to fool both users and detection systems. Furthermore, the phishing sites use temporary URLs, user-agent filtering, and IP blocks to stay hidden.
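For defenders, the reply “Y” prompt and the sender and domain rotation described above are usable triage signals in user-reported messages. The following is an added example, not taken from the report or from Lucid itself: it flags reports that pair a link with a reply prompt and groups them by wording, so one lure sent from several senders and domains shows up as a single cluster. The report format, sample messages, and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://([^\s/]+)\S*", re.I)
# Lure text asking for a one-character reply, e.g. reply "Y" / reply with 1.
REPLY_RE = re.compile(r"\breply\s+(?:with\s+)?[\"'“”]?(?:y|yes|1)[\"'“”]?(?=\W|$)", re.I)

# Constructed sample reports (senders, domains and wording are made up).
SAMPLE_REPORTS = [
    {"sender": "notice-a@mail.example",
     "text": 'Your parcel 48213 is on hold. Confirm at https://parcel-hold.example/a1 '
             '(reply "Y", then reopen this message to activate the link)'},
    {"sender": "+15550100",
     "text": 'Your parcel 77120 is on hold. Confirm at https://hold-parcel.example/z9 '
             '(reply "Y", then reopen this message to activate the link)'},
    {"sender": "+15550101", "text": "Your login code is 493021."},
    {"sender": "+15550102", "text": "Lunch menu: https://intranet.example/menu"},
]

def template(text):
    """Collapse URLs and digits so rotated domains and numbers compare equal."""
    t = URL_RE.sub("<url>", text.lower())
    t = re.sub(r"\d+", "<n>", t)
    return re.sub(r"\s+", " ", t).strip()

def triage(reports):
    """Return one cluster per lure wording that has both a link and a reply prompt."""
    clusters = defaultdict(lambda: {"senders": set(), "domains": set(), "count": 0})
    for r in reports:
        domains = {d.lower() for d in URL_RE.findall(r["text"])}
        if not domains or not REPLY_RE.search(r["text"]):
            continue  # a link alone or a reply prompt alone is not flagged
        c = clusters[template(r["text"])]
        c["senders"].add(r["sender"])
        c["domains"] |= domains
        c["count"] += 1
    # "rotating" = same wording seen from several senders AND several domains
    return [dict(template=t, rotating=len(c["senders"]) > 1 and len(c["domains"]) > 1, **c)
            for t, c in clusters.items()]

if __name__ == "__main__":
    for cluster in triage(SAMPLE_REPORTS):
        print(cluster["count"], cluster["rotating"], sorted(cluster["domains"]))
```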
Real-Time Tracking and Data Theft
Lucid’s backend dashboard monitors every click a victim makes. As a result, attackers can extract credit card details and other sensitive data in real time. The platform uses the Webman PHP framework to power this feature.
The report highlights that the XinXin group profits by selling stolen card data. At the same time, they support other criminals by developing more phishing platforms. Their activity shows a well-connected and well-organized cybercrime network.
A Growing Trend in Cybercrime
Researchers have noticed a rise in phishing-as-a-service attacks this year. Platforms like Tycoon 2FA and EvilProxy show that this trend is accelerating. While Tycoon accounts for the majority, others continue to evolve and spread.
These services make phishing more accessible and dangerous. Attackers no longer need deep technical knowledge. They can simply subscribe and start targeting victims.
How to Prevent PhaaS Attacks
To defend against these growing threats, companies must act now. Using a Security Operations Center (SOC) service is one of the most effective ways. SOC teams can detect, respond to, and contain threats in real time. In addition, organizations should implement email filtering, enable multi-factor authentication, and regularly train staff to recognize phishing attempts. Prevention begins with awareness and strong security infrastructure.