Google sues Chinese network over AI text phishing scams

• Google sued Outsider over AI text phishing scams.
• Outsider was linked to $1.9 billion in losses.

Google has filed a lawsuit against a suspected Chinese cybercrime network accused of using artificial intelligence to support text-message scams targeting Android users in the United States.

The complaint, filed on June 12, identifies the group as Outsider Enterprise. The network allegedly sent 2.5 million messages to Android users over two weeks, with fraudulent links designed to collect personal information from cellphone users.

According to The Hacker NewsGoogle described Outsider as a phishing-as-a-service software kit sold through Telegram. The service allegedly allowed criminals to create fraudulent websites and run SMS phishing campaigns for $88 a week or $200 a month.

Outsider sold as phishing service

Outsider was distributed through Telegramaccording to Google. Reuters reported that the software allegedly copied hundreds of trusted websites and included instructions for using AI tools, including Gemini, to generate phishing pages.

According to the filing, the operation targeted hundreds of thousands of people in the US. The links directed recipients to websites created by the group.

During the same period, 55,000 spam texts linked to Outsider were flagged by Android users, according to The Hacker News.

The messages appeared to come from Google and other recognised online brands, according to Google. Some referred to brokerage account issues or mobile carrier rewards. Others warned users about compromised accounts or package-tracking problems.

Users who clicked the links were taken to websites that requested confidential information. The group allegedly coordinated activity through Telegram and distributed links through text messages.

The service allegedly offered more than 290 pre-built templates that impersonated trusted institutions. It also included real-time keystroke logging and a dashboard for tracking campaign activity, according to Google.

The kit allegedly included website templates, campaign-tracking tools, and data-theft functions. The complaint said Outsider was used to run SMS phishing operations.

AI use and campaign scale

The lawsuit also alleges that members of the network encouraged one another to use Google’s Gemini chatbot and other AI tools to write custom code for malicious websites. According to the complaint cited by The Hacker Newsthe prompts were framed as ordinary programming requests, such as asking for HTML code for a gift redemption page.

Google alleged that the generated code could be copied into Outsider to turn a basic webpage into a fraudulent site used to collect personal or financial information.

The operation involved 9,000 fake websites and more than 1.59 million fraudulent URLs, according to Google and The Hacker News. The URLs were identified between November 14, 2025, and April 14, 2026.

The Federal Trade Commission said US consumers reported $470 million in losses from scams that started with text messages in 2024. That was more than five times the amount reported in 2020.

The FBI said phishing and spoofing were among the top three cybercrime categories by victim complaints in 2024. Reported internet-crime losses reached $16.6 billion that year.

FBI and telecom firms disrupt infrastructure

Google worked with AT&T, T-Mobile US, and Verizon Communications to block the messages before they reached potential victims, according to the company.

The FBI said the platform was linked to an estimated 3.87 million stolen credit cards since July 2023, according to The Hacker News. The same estimate linked Outsider to about $1.9 billion in losses.

As part of Operation Ghost Hook, authorities seized domains tied to the service and redirected some phishing sites to an FBI notice page. They also confiscated about $100,000 in USDT from Outsider payment wallets.

The FBI worked with Google and Lumen Technologies’ Black Lotus Labs on Operation Ghost Hook, according to Brett Leatherman, assistant director of the FBI’s Cyber Division. He said the operation seized admin servers, phishing domains, and crypto wallets linked to Outsider.

CyberScoop reported that the FBI linked Outsider to phishing attacks against people and businesses in 55 countries, including the United States.

Verizon Chief Information Security Officer Nasrin Rezai said in a statement that cybercriminals were using advanced technologies, including AI, to carry out text-message scams. She said countering those threats requires cooperation between technology companies, telecom providers, and law enforcement.

The complaint also described Outsider Enterprise as a network with separate roles. These included software development, target-list sourcing, bulk messaging, theft, and Telegram-based coordination.

Google seeks court order

Google is seeking a court order to block the Outsider software and is asking for unspecified monetary damages, Reuters reported. The lawsuit also accuses the group of abusing Google Cloud, Google Drive, and Google trademarks.

Google also supports seven pending congressional bills aimed at countering scams, Reuters reported.

The action follows another Google lawsuit filed seven months earlier against the operators of Lighthouse. According to The Hacker Newsthat case targeted a separate phishing-as-a-service platform accused of reaching more than 1 million users across 120 countries.

Want to experience the full spectrum of enterprise technology innovation? Join TechEx in Amsterdam, California, and London. Covering AI, Big Data, Cyber Security, IoT, Digital Transformation, Intelligent Automation, Edge Computing, and Data Centres, TechEx brings together global leaders to share real-world use cases and in-depth insights. Click here for more information.