Google sues Chinese AI phishing ring as FBI seizes domains and $100,000 in Operation Ghost Hook

15 hours ago 1775

Google filed a federal lawsuit on Friday against a China-based cybercrime network that, officials claim, used Google’s Gemini AI to conduct a phishing campaign now linked by the FBI to 3.87 million stolen credit cards and a total of $1.9 billion in losses since July 2023.

The network, which Google calls “Outsider Enterprise,” sold phishing software as a subscription for $88 per week or $200 per month, according to the complaint filed in Manhattan federal court.

Buyers got access to more than 290 ready-made website templates impersonating banks, telecom providers, government agencies, shipping companies, state DMVs, New York’s E-ZPass, NYC government services, and retailers, along with step-by-step instructions for using AI platforms to generate convincing fake pages.

Google is pursuing claims under the Racketeer Influenced and Corrupt Organizations Act, alongside trademark infringement and misuse of Google Cloud and Drive services.

The FBI traced 3.87 million stolen cards and $1.9 billion in losses to one network

Between November 14, 2015 and April 14, 2016, Google flagged over 1.59 million URLs associated with the phishing service.

During a two-week period in May this year, Android users reported 55,000 spam texts linked to the operation, and 2.5 million Android devices received texts containing Outsider-generated website links.

According to FBI assistant director Brett Leatherman, financial losses are “much higher” than those reported by Google. The Outsider platform allowed attackers to compromise approximately 3.87 million credit card numbers and resulted in estimated losses totaling $1.9 billion since July 2023.

The bureau says attacks hit people and businesses in 55 countries. The payment cards themselves were issued by financial institutions in 95 countries, per Google’s complaint.

“Criminals increasingly use AI to make fraud like this more convincing and harder to detect,” Leatherman said.

Outsider sold a turn-key phishing platform that runs on Telegram and Gemini

The Outsider software functions as a turnkey phishing platform that requires no coding ability. Subscribers buy access through a Telegram bot, then use pre-built templates to spin up fake websites in minutes. The platform offers real-time dashboards, keystroke logging, automated credential harvesting, and tools to bypass multifactor authentication.

According to Google’s complaint, the network distributed detailed tutorials showing its members how to use Gemini and other Google AI tools to create shell site HTML. The prompts given to Gemini were worded to look like harmless programming requests, asking for a “gift redemption page” with the desired features, without JavaScript and with inline CSS.

Once a fake site goes live, the operation’s “spammer group” blasts out text messages impersonating trusted brands. Common lures include missed packages, unpaid tolls, parking violations, brokerage account problems, and mobile carrier rewards.

Victims who click through and enter their credentials hand over data in real time through the platform’s keystroke logging system.

The network ran like a company with four specialized divisions

Google’s complaint describes Outsider Enterprise as a structured organization. One group develops and maintains the phishing software and templates.

Another curates target lists from public records, social media, and data breaches.

A third handles bulk SMS infrastructure, operating smartphone banks, SIM cards, and modems.

A fourth monetizes stolen credentials and launders funds. Members coordinate openly on Telegram, where they train each other, share strategies, and recruit new participants.

Operation Ghost Hook combined a civil lawsuit with FBI infrastructure seizures

The joint operation, dubbed “Operation Ghost Hook,” resulted in the seizure of several core admin domains, a Shopify storefront, roughly $100,000 from Outsider payment wallets, and thousands of domains registered through US-based providers.

The FBI even used Outsider’s own Telegram bot to access information on the network’s customers. Google coordinated with the FBI and Lumen Technologies’ Black Lotus Labs on the takedown, and is working with AT&T, T-Mobile, and Verizon to block Outsider-linked texts from reaching customers. Google said its AI-powered defenses intercept more than 10 billion scam messages per month.

The case is Google’s second major action against China-based phishing-as-a-service in seven months. As Cryptopolitan reported in May, Google’s Threat Intelligence Group caught the first zero-day exploit built with AI assistance, attributed to Chinese and North Korean groups.

In November 2025, Google sued a separate operation called Lighthouse, which targeted more than 1 million victims across 120 countries and offered over 600 templates impersonating 400 entities.

That earlier suit, also brought under RICO, effectively shut Lighthouse down within hours via a temporary restraining order. The Outsider case extends that approach into the AI era, with the model layer doing the work that human coders did for Lighthouse.
