Google sues China-based cybercrime ring over AI-driven text scams

Google filed a lawsuit against an alleged China-based cybercrime collective known as "Outsider Enterprise," accusing the group of utilizing artificial intelligence tools to facilitate widespread phishing attacks that targeted millions of Android users through fraudulent text messages during a two-week period in May.

Cybercrime network targeted millions via 'smishing'

The legal complaint identifies the defendants as members of an organized operation that coordinated through Telegram channels to distribute phishing kits enabling mass impersonation of Google and other trusted brands. The network dispatched approximately 2.5 million messages to Android users over a two-week span in May, directing recipients to malicious websites designed to harvest credentials, while Android users flagged approximately 55,000 spam texts during the same period. The fraudulent campaigns employed urgent social engineering tactics, including warnings about compromised accounts and fake package-tracking alerts, to persuade victims to click malicious links linked to roughly 9,000 fake websites hosting more than 1 million fraudulent URLs.

Google Gemini used to write malicious code

Google alleged that members of the cybercrime network specifically encouraged one another to use the company's Gemini chatbot to generate custom code for malicious websites. The technology giant said it coordinated with major US carriers including AT&T, T-Mobile, and Verizon to block the fraudulent messages before delivery, while simultaneously working alongside federal law enforcement agencies. The legal action arrives as technology companies and telecommunications operators face intensifying pressure to dismantle automated "smishing" infrastructure that leverages trusted brand identities and large-scale messaging systems to exploit mobile users.