Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans.
The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant.
“The operation weaponized Gemini to help generate fraudulent phishing pages and deploy massive SMS phishing (‘smishing’) attacks, often through text messages impersonating legitimate brands, alerting recipients of ‘brokerage account issues’ or insisting they are eligible for ‘rewards through their mobile phone carrier,’” Google said.
“The texts prompt users to click a link leading to a fraudulent website that mimics trusted institutions to steal personal and financial information.”
Google said it’s filing the lawsuit to dismantle the network’s infrastructure, and that it’s partnering with AT&T, T-Mobile, and Verizon to block such messages from reaching customers.
Outsider’s operations, according to the company, are coordinated through Telegram, with the network distributing phishing kits that make it possible for threat actors to push fake text messages that claim to be from trusted brands. These schemes are estimated to have victimized more than 100,000 people, leading to millions of dollars in losses.
In addition, 9,000 fake websites and more than 1.59 million fraudulent URLs tied to the phishing service have been identified between November 14, 2025, and April 14, 2026. In a two-week period from May 18 to June 1, 2026, Outsider was responsible for 55,000 spam texts flagged by Android users.
During the same timeframe, 2.5 million messages were sent by the network to Android users containing links to Outsider-generated websites. For as little as $88 a week, the kit allows criminals to create fraudulent websites, launch phishing campaigns, and steal victims’ credit card numbers, bank account credentials, and personal data. A license can be purchased via a “self-service ordering bot” on Telegram (@OutsiderCodeBot).
The service also offers more than 290 pre-built templates that impersonate legitimate websites of trusted institutions, real-time keystroke logging, and a performance dashboard to track the effectiveness of a campaign.
“As if Outsider’s plug-and-play simplicity were not alarming enough, the Enterprise has made the tool even more powerful by providing step-by-step instructions on how Outsider can weaponize AI-generated code,” Google said in its complaint filed in Manhattan federal court.
“Following those instructions, Enterprise members can use AI tools to generate programming code for a shell website, and copy and paste that code into Outsider to transform that shell into a fraudulent site that can be used to steal personal or financial information from their victims.”
Google said the prompts for Gemini and other AI platforms are framed as harmless requests for programming assistance, asking the model to generate HTML code to design a “gift redemption page” with the desired functionality and features, and instructing it to avoid using JavaScript and employ inline CSS to implement it. Once the counterfeit website is online, its URL is sent to potential victims via text messages.
The Outsider Enterprise is said to include a number of interconnected groups that play different roles but collaborate to execute phishing attacks using the phishing kit. These include:
The Developer Group, which supplies the phishing software and templates
The Data Broker Group, which provides curated lists of people to target
The Spammer Group, which provides the tools to send fraudulent text messages in bulk
The Theft Group, which helps monetize stolen information (e.g., credit cards and credentials) and launder funds from stolen credit cards
The Telegram Group, which facilitates collaboration among members and recruits new members
The advantage with such services, as in the case of recently disrupted Sniper Dz, is that they dramatically lower the barrier to entry for novice fraudsters lacking programming knowledge, who can leverage them to mount convincing phishing attacks with minimal effort and at scale.
“The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims,” said Brett Leatherman, assistant director of the U.S. Federal Bureau of Investigation’s (FBI) Cyber Division. “Criminals increasingly use AI to make fraud like this more convincing and harder to detect.”
The development comes exactly seven months after Google filed another lawsuit in the U.S. against China-based hackers behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that ensnared over 1 million users across 120 countries.
📰 Original Source: TheHackerNews ✍️ Author: info@thehackernews.com (The Hacker News)