On Friday, **Google** announced it is pursuing legal action against a Chinese cybercrime network. The tech giant alleges the network is using its **Gemini** artificial intelligence (AI) agent to create and deploy sophisticated phishing text messages aimed at American citizens. According to **Google**, this network is responsible for the development and management of a Phishing-as-a-Service (**PhaaS**) software kit known as **Outsider**. "The operation weaponized **Gemini** to help generate fraudulent phishing pages and deploy massive SMS phishing ('smishing') attacks, often through text messages impersonating legitimate brands, alerting recipients of 'brokerage account issues' or insisting they are eligible for 'rewards through their mobile phone carrier,'" **Google** stated. These messages prompt users to click links leading to fake websites designed to mimic trusted institutions and steal personal and financial information. **Google**'s lawsuit aims to dismantle the network's infrastructure. The company is also collaborating with major U.S. carriers, including **AT&T**, **T-Mobile**, and **Verizon**, to block these malicious messages from reaching customers. ### The Outsider Phishing-as-a-Service Kit **Outsider**'s operations are reportedly coordinated via **Telegram**. The network distributes phishing kits that enable threat actors to send deceptive text messages purporting to be from trusted brands. These schemes are estimated to have defrauded over 100,000 people, leading to millions in financial losses. From November 14, 2025, to April 14, 2026, over 9,000 fake websites and more than 1.59 million fraudulent URLs linked to the **Outsider** service were identified. In a two-week period between May 18 and June 1, 2026, **Outsider** was responsible for 55,000 spam texts flagged by **Android** users. During the same timeframe, the network sent 2.5 million messages containing **Outsider**-generated links to **Android** users. For as little as $88 per week, the **Outsider** kit allows criminals to create fraudulent websites, launch phishing campaigns, and steal victims' credit card numbers, bank account credentials, and personal data. Licenses can be purchased through a "self-service ordering bot" on **Telegram** (@OutsiderCodeBot). ### AI Augmentation and Sophistication The service offers more than 290 pre-built templates that impersonate legitimate websites, real-time keystroke logging, and a performance dashboard to track campaign effectiveness. "As if **Outsider**'s plug-and-play simplicity were not alarming enough, the Enterprise has made the tool even more powerful by providing step-by-step instructions on how **Outsider** can weaponize AI-generated code," **Google** detailed in its complaint filed in Manhattan federal court. Following these instructions, members of the **Outsider** Enterprise can use AI tools to generate programming code for a shell website. This code can then be copied and pasted into **Outsider** to transform the shell into a fraudulent site capable of stealing personal or financial information. **Google** explained that prompts for **Gemini** and other AI platforms are framed as innocuous requests for programming assistance. For example, bad actors might ask the AI model to generate HTML code for a "gift redemption page" with specific functionalities, instructing it to avoid JavaScript and use inline CSS. Once the counterfeit website is live, its URL is disseminated to potential victims via text messages. ### The Outsider Enterprise Structure The **Outsider** Enterprise comprises several interconnected groups, each playing a distinct role in executing phishing attacks: * **The Developer Group:** Supplies the phishing software and templates. * **The Data Broker Group:** Provides curated lists of targets. * **The Spammer Group:** Offers tools for sending bulk fraudulent text messages. * **The Theft Group:** Monetizes stolen information (e.g., credit cards, credentials) and launders funds. * **The Telegram Group:** Facilitates collaboration among members and recruits new participants. Such **PhaaS** services, similar to the recently disrupted **Sniper Dz** platform, significantly lower the barrier to entry for novice fraudsters. They enable individuals without programming knowledge to mount convincing and large-scale phishing attacks with minimal effort. "The criminals behind the **Outsider** Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims," said Brett Leatherman, assistant director of the U.S. Federal Bureau of Investigation's (**FBI**) Cyber Division. "Criminals increasingly use AI to make fraud like this more convincing and harder to detect." This development follows **Google**'s previous lawsuit seven months ago against China-based hackers operating another massive **PhaaS** platform called **Lighthouse**, which had ensnared over 1 million users across 120 countries. ### Update The **Telegram** bot (@OutsiderCodeBot) previously used to purchase **Outsider** licenses is no longer accessible.