357/68 Tuesday, September 23, 2025
Cybersecurity experts have issued a warning about the widespread use of Phishing-as-a-Service (PhaaS) platforms named Lighthouse and Lucid, which are being leveraged as tools to conduct online phishing attacks. These services have been used to target more than 316 well-known global brands across 74 countries. The platforms allow threat actors to easily rent and deploy software that generates fraudulent websites. The attacks are not limited to emails but also extend to SMS messages, Apple iMessage, and Rich Communication Services (RCS) for Android, broadening the reach and effectiveness of phishing campaigns.
Lucid and Lighthouse are highly sophisticated, offering customizable phishing kits tailored to specific targets. For instance, fraudulent sites can be configured to display only when accessed from particular countries or devices, while other visitors are redirected to alternative fake websites – a feature that significantly complicates detection and mitigation. Researchers also found the use of homoglyph techniques, such as replacing the forward slash (“/”) with the Japanese character “ん,” to deceive victims into believing they are visiting a legitimate URL. This trick has already been exploited in phishing campaigns targeting cryptocurrency wallet users across more than 600 domains.
Experts highlight that the rapid growth of PhaaS platforms like Lighthouse and Lucid illustrates how cybercriminals are collaborating and constantly innovating new tactics. Meanwhile, attackers are shifting away from centralized data exfiltration channels such as Telegram, reverting back to email as a preferred method for stolen data transfer, as it is more distributed and harder to trace. Additionally, newer services like EmailJS are being abused to collect personal information and credentials directly from victims, without relying on their own infrastructure. This marks an escalation in the stealth and effectiveness of phishing operations. Users are strongly advised to exercise heightened caution when clicking on links or opening attachments from unknown sources to protect themselves from these evolving threats.
Source https://thehackernews.com/2025/09/17500-phishing-domains-target-316.html
