Wang Duo Yu markets Lighthouse as a commercial phishing kit ecosystem
Threat Actor Meta
Summary
Hide ▲
Show ▼
The Lighthouse platform is being sold as a paid phishing-as-a-service ecosystem, widening access to smishing infrastructure and increasing the scale of payment-card theft. The service model matters because it packages templates, hosting, and support into a reusable offering that lowers the barrier for operators to launch toll- and delivery-themed fraud. The ecosystem has continued through 2025, with signs of broader reuse by multiple criminal operators.
Related Happenings
Paid brand-impersonation phishing kits Lucid and Lighthouse scale fake-domain operations
Threat Actor Meta
H score37
First: 01.07.2026 10:20
Last: 01.07.2026 10:20
Sources 1
About this happening:
Brand-impersonation phishing has become a **paid service**, with kits like **Lucid** and **Lighthouse** scaling fake-domain operations across **316 brands** in **74 countries**, i...
Paid brand-impersonation phishing kits Lucid and Lighthouse scale fake-domain operations
Threat Actor MetaAbout this happening: Brand-impersonation phishing has become a **paid service**, with kits like **Lucid** and **Lighthouse** scaling fake-domain operations across **316 brands** in **74 countries**, i...
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor Meta
H score69
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Sniper Dz free PhaaS ecosystem rebranded to scale phishing operations
Threat Actor Meta
H score43
First: 12.06.2026 11:52
Last: 12.06.2026 11:52
Sources 1
About this happening:
A long-running **Sniper Dz** ecosystem operated as a **free phishing-as-a-service (PhaaS)** platform that repeatedly rebranded, lowering the barrier for large-scale credential the...
Sniper Dz free PhaaS ecosystem rebranded to scale phishing operations
Threat Actor MetaAbout this happening: A long-running **Sniper Dz** ecosystem operated as a **free phishing-as-a-service (PhaaS)** platform that repeatedly rebranded, lowering the barrier for large-scale credential the...
Latest development: 15.06.2026 09:30
Fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations targeted users across the Middle East and North Africa with fake offers for free mobile internet packages, financial compensation, and government subsidy programs, then routed victims through Linkbio and Linktree decoy pages into Sniper Dz phishing and traffic monetization infrastructure that abuses browser notification permissions, back-button hijacking, tab-under redirections, premium SMS subscriptions, premium-rate calls, and investment scams.
FIFA-themed phishing-as-a-service market selling scam kits and ticket-buying bots
Threat Actor Meta
H score42
First: 05.06.2026 10:01
Last: 05.06.2026 10:01
Sources 1
About this happening:
A **FIFA-themed phishing-as-a-service market** is selling **ready-made scam kits** and **ticket-buying bots**, lowering the barrier for fraud operators and making takedowns less e...
FIFA-themed phishing-as-a-service market selling scam kits and ticket-buying bots
Threat Actor MetaAbout this happening: A **FIFA-themed phishing-as-a-service market** is selling **ready-made scam kits** and **ticket-buying bots**, lowering the barrier for fraud operators and making takedowns less e...
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor Meta
H score19
First: 21.05.2026 17:00
Last: 21.05.2026 17:00
Sources 1
About this happening:
**Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor MetaAbout this happening: **Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Timeline
-
12.11.2025 22:59 3 articles · 7mo ago
Google files lawsuit against Lighthouse phishing platform
Initial DisclosureGoogle files a lawsuit to dismantle Lighthouse, a phishing-as-a-service platform that impersonates USPS and E-ZPass, while researchers tie the ecosystem to Wang Duo Yu, Telegram sales and support channels, iMessage and RCS delivery, and subscription pricing from $88 per week to $1,588 per year; the group previously operated as Smishing Triad before rebranding as Lighthouse in March 2025, and Google says the operation has affected over 1 million victims across 120 countries and helped steal up to 115 million payment cards in the U.S. between July 2023 and October 2024.
Show sources
- Google sues to dismantle Chinese platform behind global toll scams — www.bleepingcomputer.com — 12.11.2025 22:59
- Google Sues to Disrupt Chinese SMS Phishing Triad — krebsonsecurity.com — 13.11.2025 16:47
- Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception — www.infosecurity-magazine.com — 26.05.2026 17:45