Google is suing to dismantle the infrastructure behind a massive AI-powered cybercrime operation.
On Friday, the tech giant announced it would file a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise. Google claims that a Chinese cybercrime network called Outsider Enterprises is using AI in campaigns to impersonate Google and other brands to send fraudulent text messages and steal passwords and credit card numbers.
Outsider Enterprises financially defrauded “hundreds of thousands of victims” with losses “estimated to be in the millions of dollars.” According to Google, the group deployed 9,000 fake websites, 1 million fraudulent web domains, and sent 2.5 million texts to Android users in two weeks.
“In just two weeks in May of this year, 55,000 spam texts were reported by Android users, which equates to more than two text spam complaints every minute,” the company said.
Google said it uses “AI-powered tools to fight AI-powered fraud” that allow the company to detect fraud and alert users to suspicious calls and text messages, leading to the interception of more than 10 billion fraudulent messages each month.
The company said it is working with AT&T, T-Mobile and Verizon to block fraudulent text messages, and is also working with the FBI.
An FBI spokesperson told TechCrunch that the agency worked with Google and Lumen’s Black Lotus Labs to seize several domains used by cybercriminals, as well as Shopify storefronts and accounts used to test the operation’s phishing service.
A spokesperson said that since July 2023, Outsider Enterprise’s phishing platform has allowed cybercriminals to steal “at least an estimated 3.87 million stolen credit cards and corresponding estimated losses of $1.9 billion.”
Inside Outsider Enterprise
In a complaint filed as part of the lawsuit, Google lists evidence it has collected against people involved in operating Outsider Enterprises, which it said are unidentified foreign-based cybercriminals. The group “builds, maintains, and uses a turnkey online software suite that allows criminals, regardless of their technical skills, to publish fraudulent websites for the purpose of extorting money from victims and enriching themselves,” according to the complaint.
Google says the “phishing for dummies” software, called Outsider, costs $88 a week or $200 a month and allows operators to create fake websites with the help of AI platforms, including Google’s own Gemini. Fake sites impersonate several services and businesses, including telecommunications providers, financial institutions, government agencies, and retailers.
To lure people to fake websites, cybercriminals collaborate with each other to send malicious text messages to victims or buy advertisements. A common goal is to steal passwords and their corresponding multi-factor codes, as well as financial information, which fraudsters can do by receiving data entered by victims on fake websites and having that information transmitted in real-time through an outsider’s platform.
“Part of the appeal of outsider software is that, like many members of the enterprise, it is easy for people with limited technical expertise to buy the software, run various phishing attacks, and then meet enterprise members who are knowledgeable in other areas,” Google writes, referring to Telegram channels where cybercriminals can collaborate, train each other, discuss strategies, and develop phishing attacks. “Enterprise is boldly coordinating its efforts in open and largely uncoded discussions on Telegram.”
According to Google, the Outsider platform provides cybercriminals with “more than 290 pre-built templates that mimic legitimate websites” to generate replicas of real websites “in minutes,” as well as guides on how to “weaponize AI-generated code” and a dashboard to track the progress of phishing campaigns. Cybercriminals allegedly used Google Drive and Google Cloud infrastructure to host phishing websites.
“The Outsider software was used to create more than one million phishing websites for the purpose of defrauding innocent victims of millions of dollars,” Google said in the complaint.
To give an idea of the scale of Outsider Enterprise’s business, Google said it detected over 1.59 million URLs connected to Outsider Enterprise over a five-month period from November 14, 2025 to April 14, 2026.
Google said the Outsider Enterprise operation is comprised of several cybercriminal groups. Those who provide a list of targets curated from public records, social media, and data breaches. “Spammer groups” provide the tools and infrastructure to send large numbers of fraudulent texts. This includes smartphone banks, SIM cards, and modems. and those who monetize stolen credentials and launder stolen money.
Google said the cybercriminals stole “at least 36,000 payment cards issued by financial institutions in 95 countries.”
The company accused those behind Outsider Enterprise of impersonating Google and its brands, committing copyright infringement, racketeering, wire fraud, and false advertising. In this lawsuit, Google is seeking compensatory and punitive damages, as well as an order for the perpetrators to cease operations.
This article was originally published at 10:26 a.m. PDT and has since been updated with new information from Google’s complaint and FBI comments.
If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.
