The number of text message scams continues to explode worldwide. Cybercriminals are increasingly targeting smartphones as part of their attacks. In 2023, the 33700 service, dedicated to reporting SMS spam, received 3.4 million reports in France, compared to 2.2 million in 2022. According to the cybersecurity company Proofpoint, there are between 300,000 and 400,000 SMS phishing attempts every day worldwide.
Since the summer of 2023, "fraudulent phishing SMS and emails impersonating various organizations have become increasingly frequent, particularly in Europe, the United Kingdom and the United States", Prodaft adds in a report published on March 24, 2025. To explain the explosion of mobile phishing attacks, Prodaft experts point to the emergence of a new criminal platform, Lucid. Made available since 2023 by the Chinese cybercriminals XinXin, the platform lets its users orchestrate SMS scams targeting iPhones and Android smartphones.
A tool sold on Telegram
The platform is available as part of a paid subscription. To generate profits, Chinese hackers have opted for the PhaaS model (Phishing-as-a-Service). For a fee, Lucid subscribers can access over 1,000 phishing domain names, custom phishing sites, and powerful spam tools.
In short, they get everything they need to carry out a cyberattack from A to Z. XinXin hackers sell their services through Telegram, the encrypted messaging service that has become a veritable den for cybercriminals.
100,000 messages per day
On a dedicated channel, the hackers claim that Lucid is capable of sending 100,000 phishing messages per day, whether SMS or iMessage. The cybercriminals claim that the messages sent by Lucid are encrypted in such a way as to bypass "traditional SMS spam filters." These precautions increase the likelihood that the target will eventually fall for the trap.
An easy-to-use platform
To send so many messages per day, Lucid relies on farms made up of hundreds of Android and iOS devices. As a promotional video posted online by Lucid shows, subscribers can even carry out their attacks from a car while driving.
Asked about the purpose of this video by Bleeping Computer, Prodaft explains that "the main objective of this demonstration, which shows the sending of phishing messages from victims' devices while they are driving, is to highlight how easy it is for anyone to get involved in this type of operation."
Package delivery scams
The messages sent claim to come from reputable entities, such as USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, and HSBC. In many cases, Lucid subscribers orchestrate package delivery scams. Typically, these attacks aim to steal as much personal data as possible, such as the target's name, email address, postal address, and credit card information. Lucid also includes a credit card validator. Hackers can directly verify whether the obtained data is valid.
The platform allows users to impersonate 169 different entities, located in 188 countries worldwide. Among the French targets are amendes.gouv.fr, the official website for paying traffic fines, and the La Poste website. As Prodaft researchers explain, "Lucid represents a significant and ongoing cyber threat." This type of platform is clearly on the rise, the experts' report warns.
Source: Prodaft