Google Sues China-Based 'Outsider Enterprise' Over AI-Powered SMS Phishing Operation
Google has filed a lawsuit against a China-based cybercrime group called 'Outsider Enterprise,' alleging it used AI-powered phishing kits to send millions of scam SMS messages targeting Android users.
Google has filed a lawsuit against an alleged China-based cybercrime operation it says used AI-powered phishing kits to blast out millions of scam text messages and funnel victims to fake websites designed to steal passwords, payment cards, and other sensitive information. The complaint, filed in a U.S. federal court, targets a group Google refers to as the 'Outsider Enterprise,' which the company describes as a sprawling criminal network that operates on Telegram and supplies phishing tools to other fraudsters.
According to Google's filing, the operation has been linked to more than 9,000 fraudulent websites, over one million malicious URLs, and scams that have allegedly defrauded hundreds of thousands of people. The group's business model centers on distributing phishing kits that enable criminals to impersonate Google and other trusted brands through large-scale text message campaigns. Victims are directed to fraudulent websites designed to steal login credentials, payment card details, and other sensitive information.
Google's allegation is not that AI is somehow breaking into people's phones, but rather that the technology appears to have been used to help churn out phishing content, allowing the operation to push more scams, more quickly, and with less effort. Android users flagged more than 55,000 spam texts linked to the operation during a two-week period in May, while the company detected roughly 2.5 million messages containing links to Outsider-controlled websites sent to Android devices during the same time frame.
The lawsuit forms part of a broader effort involving federal law enforcement and U.S. telecom providers. Google said it is coordinating with the FBI, AT&T, T-Mobile, and Verizon to disrupt the infrastructure behind the campaigns and block malicious messages before they reach users. 'The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims,' said Brett Leatherman, assistant director of the FBI's Cyber Division. 'Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own.'
The lawsuit may never put the alleged operators in a courtroom, but it could still help pull apart the infrastructure behind the campaigns. Legal actions of this kind can lead to court orders that force domain registrars and hosting providers to take down malicious sites, effectively dismantling the technical backbone of the operation. Google's move reflects a growing trend of tech companies using civil litigation as a tool to combat cybercrime, particularly when criminal prosecutions face jurisdictional hurdles.
This case also highlights the increasing role of AI in cybercrime. While AI-generated phishing content has been a growing concern, this lawsuit provides concrete evidence of a criminal enterprise leveraging AI at scale. The operation's use of Telegram as a command-and-control hub and distribution platform underscores the challenges law enforcement faces in tracking and disrupting transnational cybercriminal networks. As AI tools become more accessible, experts warn that such operations will likely become more sophisticated and harder to detect.
The lawsuit specifically names Outsider Enterprise, a China-based cybercrime network, and alleges the group used Gemini to generate phishing content at scale, creating over 9,000 fake websites and 1 million fraudulent URLs. Google estimates the operation has caused millions of dollars in losses and affected hundreds of thousands of victims, underscoring how threat actors are weaponizing generative AI to automate and enhance social-engineering attacks.
The lawsuit specifically alleges that Outsider Enterprise members weaponized Gemini to generate custom phishing code, which was then imported into their software suite and converted into live scam pages. Google is seeking damages under the RICO and Lanham Acts, while the FBI's Cyber Division is conducting parallel law enforcement actions. The company is also working with AT&T, T-Mobile, and Verizon to intercept fraudulent messages at the carrier level, and has disabled Gemini accounts linked to the abuse.