A Chinese cybercrime operation that used artificial intelligence to defraud “hundreds of thousands of victims” has been sued by Google

Google has filed a lawsuit to dismantle the infrastructure behind an alleged massive AI-driven cybercrime operation.

The tech giant on Friday announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses artificial intelligence in its campaigns to send fraudulent text messages impersonating Google and other brands to steal passwords and credit card numbers.

Outsider Enterprise financially defrauded “hundreds of thousands of victims” with losses “in the millions.” The group posted 9,000 fake websites, 1 million fraudulent web domains, and 2.5 million text messages sent to Android users in a two-week period, according to Google.

“55,000 spam text messages were reported by Android users in just two weeks last May — that’s more than two spam text complaints per minute,” the company said.

Google said it uses “AI-powered tools to fight AI-powered scams,” which enables the company to detect scams and alert users to suspicious calls and text messages, leading to the interception of more than 10 billion scam messages per month.

The company said it is cooperating with AT&T, T-Mobile and Verizon to block fraudulent text messages, and said it is coordinating with the FBI.

An FBI spokesperson told TechCrunch that the bureau, in coordination with Google and Lumen’s Black Lotus Labs, seized several domains used by cybercriminals, as well as Shopify storefronts and accounts used to test the operation’s phishing service.

Since July 2023, Outsider Enterprise’s phishing platform has enabled cybercriminals to steal “an estimated 3,870,000 stolen credit cards and the equivalent of at least $1.9 billion in losses,” the spokesperson said.

Within the external organization

In its complaint filed as part of the lawsuit, Google presented evidence it collected against people involved in Outsider Enterprise operations, whom the company said were cybercriminals based abroad whose true identities were unknown. According to the complaint, this group “built, maintained, and used an off-the-shelf online software suite that enables criminals, regardless of their technical skill, to deploy fraudulent websites designed to rip off victims and enrich themselves.”

Google said its “phishing for dummies” program called Outsider, which costs $88 per week or $200 per month, allows operators to create fake websites with the help of artificial intelligence platforms, including Google’s Gemini platform. Fake websites impersonate many services and companies, such as telecommunications providers, financial institutions, government agencies, and retailers.

To lure people to fake websites, cybercriminals cooperate with each other to send victims malicious text messages or buy advertisements. A common goal is to steal passwords and corresponding multi-factor codes as well as financial information, which fraudsters can do by receiving data that victims enter into fake websites, with the information transmitted through the Outsider platform in real time.

“Part of the appeal of Outsider is the ease with which someone with limited technical expertise — like many members of an organization — can purchase the software, perform various phishing attacks, and upon purchase, meet other members of the organization who are proficient in other areas,” Google wrote, referring to Telegram channels where cybercriminals can collaborate, coach each other, discuss strategies, and develop phishing attacks. “Enterprise brazenly coordinates its efforts in open, largely unencrypted discussions on Telegram.”

According to Google, the Outsider platform allegedly offers cybercriminals “more than 290 pre-built templates that mimic legitimate websites” that generate exact copies of real websites “in minutes,” along with guides on how to “weaponize AI-generated code,” as well as a dashboard to track the progress of phishing campaigns. The cybercriminals allegedly used Google Drive and Google Cloud infrastructure to host phishing websites.

“The Outsider software was used to create more than one million phishing sites to scam innocent victims out of millions of dollars,” Google wrote in the complaint.

To give an idea of ​​the scale of Outsider Enterprise’s work, Google said that over the course of five months, from November 14, 2025, to April 14, 2026, the company discovered more than 1.59 million URLs linking to it.

Google said its Outsider Enterprise operation consists of several groups of cybercriminals: those who develop and maintain phishing software and website templates; those who provide curated target lists from public records, social media, and data breaches; A “spammer group” that provides the tools and Infrastructure for sending fraudulent text messages in bulk, which includes smartphone banks, SIM cards, and modems; And those who monetize the stolen credentials and launder the stolen funds.

Cybercriminals stole “at least 36,000 payment cards issued by financial institutions in 95 countries,” according to Google.

The company accused the people behind Outsider Enterprise of impersonating Google and its trademarks, infringing its copyrights, conducting racketeering activities, committing wire fraud, and false advertising. Through the lawsuit, Google seeks to obtain compensation and punitive damages, and to issue an order preventing criminals from carrying out their activities.

This story was originally published at 10:26 a.m. PT and has since been updated with new information from Google’s complaint and FBI comment.