Wang Duo Yu markets Lighthouse as a commercial phishing kit ecosystem
Threat Actor Meta
Summary
Hide ▲
Show ▼
The Lighthouse platform is being sold as a paid phishing-as-a-service ecosystem, widening access to smishing infrastructure and increasing the scale of payment-card theft. The service model matters because it packages templates, hosting, and support into a reusable offering that lowers the barrier for operators to launch toll- and delivery-themed fraud. The ecosystem has continued through 2025, with signs of broader reuse by multiple criminal operators.
Related Happenings
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor Meta
First: 21.05.2026 17:00
Last: 21.05.2026 17:00
Sources 1
About this happening:
**Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor MetaAbout this happening: **Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions
Threat Actor Meta
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
**Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...
Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions
Threat Actor MetaAbout this happening: **Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
Campaign
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
CampaignAbout this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
Venom Stealer subscription and affiliate malware-service ecosystem
Threat Actor Meta
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
**Venom Stealer** is being run as a **subscription-based** malware service with **Telegram licensing** and an **affiliate program**, signaling a more organized cybercrime ecosyste...
Venom Stealer subscription and affiliate malware-service ecosystem
Threat Actor MetaAbout this happening: **Venom Stealer** is being run as a **subscription-based** malware service with **Telegram licensing** and an **affiliate program**, signaling a more organized cybercrime ecosyste...
Timeline
-
12.11.2025 22:59 3 articles · 6mo ago
Google files lawsuit against Lighthouse phishing platform
Initial DisclosureGoogle files a lawsuit to dismantle Lighthouse, a phishing-as-a-service platform that impersonates USPS and E-ZPass, while researchers tie the ecosystem to Wang Duo Yu, Telegram sales and support channels, iMessage and RCS delivery, and subscription pricing from $88 per week to $1,588 per year; the group previously operated as Smishing Triad before rebranding as Lighthouse in March 2025, and Google says the operation has affected over 1 million victims across 120 countries and helped steal up to 115 million payment cards in the U.S. between July 2023 and October 2024.
Show sources
- Google sues to dismantle Chinese platform behind global toll scams — www.bleepingcomputer.com — 12.11.2025 22:59
- Google Sues to Disrupt Chinese SMS Phishing Triad — krebsonsecurity.com — 13.11.2025 16:47
- Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception — www.infosecurity-magazine.com — 26.05.2026 17:45