Google Sues Chinese Cybercrime Network for Using Gemini AI to Target Americans
For as little as $88 a week, the kit allows criminals to create fraudulent websites, launch phishing campaigns, and steal victims’ credit card numbers, bank account credentials, and personal data. This lawsuit sets a significant legal precedent: AI platforms can and will be used as enforceable grounds for civil litigation when threat actors abuse generative models to scale criminal infrastructure, signaling a new front in the fight against AI-enabled cybercrime.
The Criminal Operation
Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans.
Further details indicate that “The texts prompt users to click a link leading to a fraudulent website that mimics trusted institutions to steal personal and financial information.” Google said it’s filing the lawsuit to dismantle the network’s infrastructure, and that it’s partnering with AT&T, T-Mobile, and Verizon to block such messages from reaching customers.
“Following those instructions, Enterprise members can use AI tools to generate programming code for a shell website, and copy and paste that code into Outsider to transform that shell into a fraudulent site that can be used to steal personal or financial information from their victims.” Google said the prompts for Gemini and other AI platforms are framed as harmless requests for programming assistance, asking the model to generate HTML code to design a “gift redemption page” with the desired functionality and features, and instructing it to avoid using JavaScript and employ inline CSS to implement it.
Google is backing seven bipartisan bills targeting AI-driven scams, including the Stop SCAMS Act championed by Congressmen Brian Fitzpatrick and Josh Harder, which would create a national coordinated strategy uniting law enforcement, government agencies, and private industry to combat transnational cybercrime rings.
“The texts prompt users to click a link leading to a fraudulent website that mimics trusted institutions to steal personal and financial information.”, Spokesperson
Victims & Losses
In a two-week period from May 18 to June 1, 2026, Outsider was responsible for 55,000 spam texts flagged by Android users. During the same timeframe, 2.5 million messages were sent by the network to Android users containing links to Outsider-generated websites.
In addition, 9,000 fake websites and more than 1.59 million fraudulent URLs tied to the phishing service have been identified between November 14, 2025, and April 14, 2026.
Protection Steps
-
“We’re filing a lawsuit to dismantle their infrastructure, coordinating with the FBI who will be taking law enforcement actions, and will continue to work with AT&T, T-Mobile and Verizon to block these texts before they reach you,” Google wrote.
-
The company has also disabled Gemini accounts and infrastructure confirmed to be linked to abuse of the model.
Analysis
As AI tooling proliferates, security teams face expanding attack surfaces tied to model inference and data pipelines.
Sources
SecurityXP delivers daily cybersecurity news, vulnerability analysis, data breach reports, and threat intelligence.
Security Digest
Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.
Related Articles
14,971 WordPress Sites Cleaned in Global SocGholish Takedown Cybercrime
Data from Infoblox shows that approximately 55% of its cloud customers attempted to reach SocGholish infrastructure this year alone, with the attacks...
CybercrimeScattered Spider Hackers Plead Guilty on Day 1 of Trial Cybercrime
According to the NCA, the cyberattack at TfL forced all 28,000 employees to visit their local offices to reset their passwords and caused £29 million...
CybercrimeConti Ransomware Conspirator Pleads Guilty in $150M Scheme Cybercrime
Department of Justice announced that Oleksii Oleksiyovych Lytvynenko, 44, admitted to participating in a conspiracy that deployed Conti ransomware against...
CybercrimeEx-school district employee jailed for hacks on former employer Cybercrime
Potter is also required to pay $59,668.81 in restitution to the Saydel Community School District and its insurer, Travelers Casualty and Surety Company, for...