Phishing-as-a-Service (PhaaS) platforms Lucid and Lighthouse target 316 brands across 74 countries

First reported

19.09.2025 17:02

Last updated

📰 1 unique sources, 1 articles

Summary

Hide ▲

The phishing-as-a-service (PhaaS) platforms Lucid and Lighthouse have been linked to more than 17,500 phishing domains targeting 316 brands across 74 countries. The platforms offer phishing software with pre-installed templates impersonating various brands, enabling customers to mount phishing campaigns at scale. The platforms incorporate various criteria to ensure that only intended targets can access the phishing URLs. The platforms are assessed to be the work of Chinese-speaking threat actors, including the XinXin group and others. The platforms offer template customization and real-time victim monitoring, with prices ranging from $88 for a week to $1,588 for a yearly subscription. The development highlights the broader trend of collaboration and innovation within the PhaaS ecosystem, as well as the shift in phishing attacks from communication channels like Telegram to email. The platforms have also been linked to homoglyph attacks using the Japanese Hiragana character to pass off fake website URLs as legitimate.

Timeline

19.09.2025 17:02 📰 1 articles · ⏱ 4h ago

Lucid and Lighthouse PhaaS platforms target 316 brands across 74 countries
The phishing-as-a-service (PhaaS) platforms Lucid and Lighthouse have been linked to more than 17,500 phishing domains targeting 316 brands across 74 countries. The platforms offer phishing software with pre-installed templates impersonating various brands, enabling customers to mount phishing campaigns at scale. The platforms incorporate various criteria to ensure that only intended targets can access the phishing URLs. The platforms are assessed to be the work of Chinese-speaking threat actors, including the XinXin group and others. The platforms offer template customization and real-time victim monitoring, with prices ranging from $88 for a week to $1,588 for a yearly subscription.
Show sources

17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02
Open in new tab

Information Snippets

The phishing-as-a-service (PhaaS) platforms Lucid and Lighthouse have been linked to more than 17,500 phishing domains targeting 316 brands across 74 countries.
First reported: 19.09.2025 17:02

📰 1 source, 1 article
Show sources
- 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02
The platforms offer phishing software with pre-installed templates impersonating various brands, enabling customers to mount phishing campaigns at scale.
First reported: 19.09.2025 17:02

📰 1 source, 1 article
Show sources
- 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02
The platforms incorporate various criteria to ensure that only intended targets can access the phishing URLs.
First reported: 19.09.2025 17:02

📰 1 source, 1 article
Show sources
- 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02
The platforms are assessed to be the work of Chinese-speaking threat actors, including the XinXin group and others.
First reported: 19.09.2025 17:02

📰 1 source, 1 article
Show sources
- 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02
The platforms offer template customization and real-time victim monitoring, with prices ranging from $88 for a week to $1,588 for a yearly subscription.
First reported: 19.09.2025 17:02

📰 1 source, 1 article
Show sources
- 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02
The development highlights the broader trend of collaboration and innovation within the PhaaS ecosystem, as well as the shift in phishing attacks from communication channels like Telegram to email.
First reported: 19.09.2025 17:02

📰 1 source, 1 article
Show sources
- 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02
The platforms have also been linked to homoglyph attacks using the Japanese Hiragana character to pass off fake website URLs as legitimate.
First reported: 19.09.2025 17:02

📰 1 source, 1 article
Show sources
- 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge — thehackernews.com — 19.09.2025 17:02

Summary

Timeline

Lucid and Lighthouse PhaaS platforms target 316 brands across 74 countries

Information Snippets