Google has filed a lawsuit against a Chinese cybercrime network accused of using its Gemini AI agent to power a phishing-as-a-service (PhaaS) platform called Outsider. The operation targeted Americans with SMS phishing (smishing) messages impersonating trusted brands, leading to millions in losses and over 100,000 victims.
Outsider, coordinated via Telegram, offered phishing kits with pre-built templates, keystroke logging, and a performance dashboard. For as little as $88 per week, criminals could create fraudulent websites and launch campaigns. The network weaponized Gemini to generate HTML code for phishing pages, with prompts framed as harmless programming requests.
Google partnered with AT&T, T-Mobile, and Verizon to block malicious messages. The FBI’s Operation Ghost Hook, part of Operation Riptide, seized domains, confiscated $100,000 USDT, and disrupted thousands of phishing domains. The PhaaS platform is linked to an estimated 3.87 million stolen credit cards and $1.9 billion in losses since July 2023.
CVEs: CVE-2026-11645
Attack groups: Outsider Enterprise, Developer Group, Data Broker Group, Spammer Group, Theft Group, Telegram Group
Companies: Google, AT&T, T-Mobile, Verizon, Shopify
Events: Operation Ghost Hook, Operation Riptide
Original source: thehackernews.com