The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries.

"Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases, hundreds of brands from countries around the world."

Lucid was first documented by Swiss cybersecurity company PRODAFT earlier this April, detailing the phishing kit's ability to send smishing messages via Apple iMessage and Rich Communication Services (RCS) for Android.

The service is assessed to be the work of a Chinese-speaking threat actor known as the XinXin group (changqixinyun), w

See Full Page