Google Files Lawsuit Against Chinese Cybercrime Network Accused of AI-Powered Scams

Google has filed a lawsuit to dismantle the infrastructure of an alleged large-scale cybercrime operation that the company says used artificial intelligence to power phishing and fraud campaigns targeting consumers worldwide.

The lawsuit targets a group Google refers to as Outsider Enterprise, an alleged China-based cybercrime network accused of sending fraudulent text messages that impersonated Google and other trusted brands to steal passwords, financial information, and credit card details.

According to Google, the operation defrauded hundreds of thousands of victims and caused losses estimated in the millions of dollars. The company claims the group created approximately 9,000 fake websites, registered more than one million fraudulent domains, and sent around 2.5 million scam text messages to Android users within two weeks.

Google said that Android users reported 55,000 spam text messages during two weeks in May, averaging more than two complaints every minute.

The company noted that it relies on AI-powered security systems to combat increasingly sophisticated AI-driven scams. Those tools help identify fraudulent activity and warn users about suspicious calls and text messages, contributing to the blocking of more than 10 billion scam messages every month.

Google also said it has worked closely with major telecommunications providers, including AT&T, T-Mobile, and Verizon, to block malicious text campaigns. In addition, the company confirmed it has coordinated efforts with the FBI.

An FBI spokesperson said that, working alongside Google and Lumen’s Black Lotus Labs, investigators seized multiple domains linked to the operation as well as Shopify storefronts and accounts allegedly used to test phishing services.

According to the FBI, Outsider Enterprise’s phishing platform has enabled cybercriminals to steal an estimated 3.87 million credit card records since July 2023, resulting in roughly $1.9 billion in losses.

Inside the Alleged Outsider Enterprise Operation

In its court filing, Google described Outsider Enterprise as a network of foreign-based cybercriminals whose identities remain unknown. The company alleges that the group developed and operated a turnkey phishing platform that allowed individuals with little technical expertise to launch sophisticated online fraud campaigns.

The software, known as Outsider, reportedly costs $88 per week or $200 per month and enables users to build fake websites using AI tools, including Google’s Gemini. According to the complaint, the platform can imitate telecommunications providers, financial institutions, retailers, government agencies, and other trusted organisations.

To direct victims to those fraudulent websites, operators allegedly sent phishing text messages or purchased online advertisements. Once victims entered login credentials, multi-factor authentication codes, or financial information, the data was transmitted to attackers in real time through the Outsider platform.

Google said that part of the platform’s appeal is its simplicity, which allows inexperienced cybercriminals to purchase the service and collaborate with more experienced members through Telegram channels. These groups allegedly shared training materials, phishing tactics, and operational guidance in largely public discussions.

The company claims the platform includes more than 290 ready-made website templates that can replicate legitimate websites within minutes. It also reportedly provides guidance on using AI-generated code and dashboards to monitor phishing campaigns. Google alleges that attackers used both Google Drive and Google Cloud services to host portions of the fraudulent infrastructure.

According to the complaint, Outsider software has been used to create more than one million phishing websites. Between November 2025 and April 2026 alone, Google detected more than 1.59 million URLs connected to the operation.

Google said the broader enterprise consists of multiple specialised groups, including developers maintaining the phishing software, operators compiling target lists from public records and data breaches, spammers responsible for mass-text infrastructure, and individuals focused on monetising stolen information and laundering proceeds.

The company estimates that the operation has compromised at least 36,000 payment cards issued by financial institutions across 95 countries.

Google’s lawsuit accuses those behind Outsider Enterprise of trademark infringement, copyright violations, racketeering, wire fraud, and false advertising. The company is seeking compensatory and punitive damages, as well as court orders intended to prevent the alleged cybercriminals from continuing their activities.