Criminal hackers really don’t need to find any more ways to facilitate attacks against your devices, accounts and data, what with an automatic password-hacking machine in the news recently, threats for hire, and the FBI warning smartphone users to hang up and use a secret code in light of the latest threat campaigns. And it’s smartphone users who are in the crosshairs again as news breaks of iPhone on iPhone, Android on Android, virtual violence. Pushing out 100,000 phishing attacks every day, the Lucid threat actors have deployed massive smartphone farms to enable the scale of their hacking operation.
Smartphone Farms Behind Large-Scale iOS And Android SMS Attacks
In order to hack your smartphone, be it an Android of any flavor or an iPhone, attackers will most often first look to a phishing campaign to hook you in. You will all have seen them, no doubt: those SMS messages that claim someone has compromised your account, or inform you that a shipping fee or a toll payment is overdue. The use of AI tools to make these messages sound urgent, render them in the correct language for the target’s geographic location, and impersonate popular brands to perfection has made them much harder to spot than in days past.
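The three lure types described above (account compromise, shipping fee, toll payment), together with urgency wording and brand impersonation via a lookalike link, are exactly the signals a defender can score in a message-triage pipeline. The following Python is an added example written for this page, not code from the article or from the Prodaft report: the keyword patterns, the weights, the verdict thresholds, the brand allowlist (using reserved `.example` domains) and the sample messages are all constructed assumptions chosen to illustrate the approach, not a production classifier.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Lure categories named in the article. Each category counts once per message,
# however many of its phrases appear. (Constructed patterns, not an exhaustive list.)
LURE_PATTERNS = {
    "account_compromise": re.compile(
        r"\b(compromised|suspended|unusual (sign-?in|activity)|verify your account)\b", re.I),
    "shipping_fee": re.compile(
        r"\b(package|parcel|delivery|shipping fee|redeliver)\b", re.I),
    "toll_payment": re.compile(
        r"\b(toll|unpaid balance|outstanding toll)\b", re.I),
}
# Pressure language that pushes the victim to act before thinking.
URGENCY = re.compile(
    r"\b(immediately|within \d+ hours?|final notice|urgent|will be (suspended|cancelled|closed))\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Assumed allowlist: brand keyword -> registrable domains the brand really uses.
# A host that contains the brand name but is not on the list is a lookalike.
BRAND_DOMAINS = {
    "fastship": {"fastship.example"},
    "examplebank": {"examplebank.example"},
}

# Constructed sample messages (not real campaign content).
SAMPLE_MESSAGES = [
    "FastShip: your parcel is held at our depot. Pay the shipping fee within 24 hours "
    "to avoid return: https://fastship-redelivery.example/pay",
    "Toll notice: you have an unpaid balance. Settle immediately at https://tollpay-secure.example/x",
    "Your table for two at 7pm is confirmed. Reply C to cancel.",
    "FastShip: your parcel ships soon. Track it at https://fastship.example/track/123",
]


def registrable_domain(host: str) -> str:
    """Simplification: treat the last two labels as the registrable domain."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


@dataclass
class Triage:
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # Thresholds are assumptions; tune them against real traffic.
        if self.score >= 4:
            return "likely smishing"
        if self.score >= 2:
            return "review"
        return "benign"


def triage_message(text: str) -> Triage:
    """Score one SMS/iMessage/RCS text body for smishing indicators."""
    t = Triage()
    for name, pattern in LURE_PATTERNS.items():
        if pattern.search(text):
            t.score += 2
            t.reasons.append(f"lure:{name}")
    if URGENCY.search(text):
        t.score += 1
        t.reasons.append("urgency")
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        t.score += 1
        t.reasons.append(f"url:{host}")
        reg = registrable_domain(host)
        for brand, legit in BRAND_DOMAINS.items():
            # Brand name in the hostname but not a domain the brand owns: impersonation.
            if brand in host and reg not in legit:
                t.score += 3
                t.reasons.append(f"brand_lookalike:{brand}@{host}")
    return t


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = triage_message(msg)
        print(f"{result.verdict:16} score={result.score} {result.reasons}")
```

The fourth sample shows why a lookalike check matters more than keywords alone: a genuine shipping notification still mentions a parcel and carries a link, so it lands in "review" rather than "benign", while the same brand name on a domain the brand does not own is what pushes the first sample firmly into "likely smishing". A real deployment would replace the two-label domain heuristic with a public-suffix list and feed the allowlist from the brands your users actually receive messages from.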
But have you ever wondered how criminal groups operate behind the scenes, actually delivering these messages and distributing the attacks to potential victims? Wonder no more. A new report published to the Prodaft Catalyst cyber intelligence portal has revealed that the operators behind Lucid, a Chinese phishing-as-a-service platform, are targeting 88 countries with a scalable, subscription-based service primarily aiming to harvest credit card data. “To enhance effectiveness,” Prodaft said, “Lucid leverages Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates.”
Oh, and it employs large-scale smartphone farms to send at least 100,000 SMS attack messages every single day.
What Is A Smartphone Farm?
There’s a great explanation of what smartphone farms are here, but essentially, they are locations where hundreds, even thousands, of connected iPhones and Androids are used to automate tasks on a large scale. They can be used for such things as advertising campaigns or, more shadily, to inflate review ratings or likes on social media posts. And, of course, outright nefariously, to distribute phishing and malware attack campaigns. Prodaft has seen evidence from Lucid itself of “multiple mobile devices used simultaneously to send out messages and harvest credit card details, all controlled from a centralized system.” There is also evidence of “dozens of mobile device emulators” that are “running in parallel on a single machine, each one used to carry out coordinated scam operations.”
Given the scale of the attacks enabled by these smartphone farms, and the fact that Lucid deploys advanced anti-detection and evasion techniques including IP blocking and user-agent filtering, it’s a threat that must be taken seriously, not least because the group behind the Lucid threat, named as the Chinese XinXin actors, is selling access to the platform via a Telegram channel with more than 2,000 members.