
"The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases, hundreds of brands from countries around the world." Lucid was first documented by Swiss cybersecurity company PRODAFT earlier this April, detailing the phishing kit's ability to send smishing messages via Apple iMessage and Rich Communication Services (RCS) for Android."
"The service is assessed to be the work of a Chinese-speaking threat actor known as the XinXin group (changqixinyun), which has also leveraged other phishing kits like Lighthouse and Darcula in its operations. Darcula is developed by an actor named LARVA-246 (aka X667788X0 or xxhcvv), while Lighthouse's development has been linked to LARVA-241 (aka Lao Wang or Wang Duo Yu). The Lucid PhaaS platform enables customers to mount phishing campaigns at scale, targeting a wide range of industries, including toll companies, governments, postal companies, and financial institutions."
"These attacks also incorporate various criteria - such as requiring a specific mobile User-Agent, proxy country, or a fraudster-configured path - to ensure that only the intended targets can access the phishing URLs. If a user other than the target ends up visiting the URL, they are served a generic fake storefront instead. In all, Netcraft said it has detected phishing URLs targeting 164 brands based in 63 different countries hosted through the Lucid platform. Lighthouse phishing URLs have targeted 204 brands based in 50 different countries. Lighthouse, like Lucid, offers template customization and real-time victim monitoring, and boasts the ability to create phishing templates for over 200 platforms across the world"
Lucid and Lighthouse operate as phishing-as-a-service platforms that have supported more than 17,500 phishing domains and targeted 316 brands across 74 countries. PhaaS operators sell monthly access to phishing software with pre-installed impersonation templates spanning hundreds of brands. Lucid enables large-scale campaigns, including smishing via Apple iMessage and RCS, and applies targeting controls such as a required mobile User-Agent, proxy-country restrictions, and fraudster-configured paths, serving a generic fake storefront to non-target visitors. Attribution points to a Chinese-speaking XinXin group using Lucid, Lighthouse and Darcula, with developers LARVA-241 and LARVA-246 linked to Lighthouse and Darcula respectively.
Read at The Hacker News
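For defenders triaging a reported URL, the gating described above means a single fetch can return the decoy storefront and look benign. The following is an added example, not code from Netcraft, PRODAFT or The Hacker News: it compares recorded fetches of one URL (path held fixed) across client profiles and reports which profile field, changed alone, changed the page served. The profile field names, sample pages and similarity threshold are constructed assumptions.

```python
import re
from itertools import combinations

def shingles(html, k=3):
    """Strip tags, lowercase, and return the set of k-word shingles of the text."""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    words = re.findall(r"[a-z0-9]+", text)
    return {tuple(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def similarity(a, b):
    """Jaccard similarity of two pages' shingle sets (1.0 = same visible text)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 1.0

def gating_dimensions(observations, threshold=0.5):
    """Return the profile fields whose change, alone, changed the page served.

    Two fetches are compared only when their profiles differ in exactly one
    field, so a content change can be attributed to that field.
    """
    gated = set()
    for (p1, body1), (p2, body2) in combinations(observations, 2):
        diff = [k for k in p1 if p1[k] != p2[k]]
        if len(diff) == 1 and similarity(body1, body2) < threshold:
            gated.add(diff[0])
    return sorted(gated)

# Constructed sample pages (not real captures).
STORE = "<html><h1>Daily Deals Outlet</h1><p>Shop shoes, bags and watches with free shipping today</p></html>"
LURE = "<html><h1>Toll payment overdue</h1><p>Enter your card number to settle the outstanding balance</p></html>"

def profile(user_agent, exit_country):
    return {"user_agent": user_agent, "exit_country": exit_country}

# Constructed crawl records for one gated URL: only mobile + US exit sees the lure.
CLOAKED = [
    (profile("mobile", "US"), LURE),
    (profile("desktop", "US"), STORE),
    (profile("mobile", "DE"), STORE),
    (profile("desktop", "DE"), STORE),
]
# Constructed control: an ordinary site serving the same page to every profile.
CONTROL = [(p, STORE) for p, _ in CLOAKED]

if __name__ == "__main__":
    print("gated on:", gating_dimensions(CLOAKED))
    print("control :", gating_dimensions(CONTROL))
```

A non-empty result is a reason to re-crawl with the matching profile before closing a report as benign; it is not proof of phishing on its own, since legitimate sites also vary content by device and region.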