BleepingComputer reports that Chinese cybercrime group XinXin has leveraged the Lucid phishing-as-a-service platform to target 169 organizations around the world with malicious Android and iOS smishing messages. Attacks involved the distribution of 100,000 end-to-end encrypted mobile phishing messages purporting to be tax, shipping, or toll payment alerts that include links redirecting to bogus websites spoofing Amazon, DHL, American Express, HSBC, the U.S. Postal Service, Royal Mail, and other organizations, a PRODAFT report revealed. Aside from facilitating the exfiltration of personal and financial details, Lucid also enables the immediate testing of pilfered credit cards through an integrated validator. "To enhance effectiveness, Lucid leverages Apple iMessage and Android's RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates," said PRODAFT researchers, who added that attackers' exploitation of both operating systems' respective messaging technologies also bolsters the cost-effectiveness of the phishing scheme.
Generative artificial intelligence has been added to the Darcula phishing-as-a-service toolkit to enable the creation of phishing forms in several languages just months after the PhaaS platform was updated to facilitate website cloning without much difficulty, The Hacker News reports.
BleepingComputer reports that Ethereum Name Service lead developer Nick Johnson discovered that an OAuth vulnerability in Google had been leveraged to deliver a bogus email purporting to be a security alert from the company, with a valid DomainKeys Identified Mail authentication key, as part of a DKIM replay phishing intrusion.
Massive ongoing US toll fraud underpinned by Chinese smishing kit

Numerous threat actors have been leveraging an SMS phishing kit developed by Chinese threat actor "Wang Duo Yu" to conduct a widespread smishing attack campaign against toll road users across several U.S. states that has been underway since October, The Hacker News reports.