Google Sues Chinese Cybercrime Network for Using Gemini AI to…

For as little as $88 a week, the kit allows criminals to create fraudulent websites, launch phishing campaigns, and steal victims’ credit card numbers, bank account credentials, and personal data. This lawsuit sets a significant legal precedent: AI platforms can and will be used as enforceable grounds for civil litigation when threat actors abuse generative models to scale criminal infrastructure, signaling a new front in the fight against AI-enabled cybercrime.

The Criminal Operation

Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans.

Further details indicate that “The texts prompt users to click a link leading to a fraudulent website that mimics trusted institutions to steal personal and financial information.” Google said it’s filing the lawsuit to dismantle the network’s infrastructure, and that it’s partnering with AT&T, T-Mobile, and Verizon to block such messages from reaching customers.

“Following those instructions, Enterprise members can use AI tools to generate programming code for a shell website, and copy and paste that code into Outsider to transform that shell into a fraudulent site that can be used to steal personal or financial information from their victims.” Google said the prompts for Gemini and other AI platforms are framed as harmless requests for programming assistance, asking the model to generate HTML code to design a “gift redemption page” with the desired functionality and features, and instructing it to avoid using JavaScript and employ inline CSS to implement it.

Google is backing seven bipartisan bills targeting AI-driven scams, including the Stop SCAMS Act championed by Congressmen Brian Fitzpatrick and Josh Harder, which would create a national coordinated strategy uniting law enforcement, government agencies, and private industry to combat transnational cybercrime rings.

“The texts prompt users to click a link leading to a fraudulent website that mimics trusted institutions to steal personal and financial information.”, Spokesperson

Victims & Losses

In a two-week period from May 18 to June 1, 2026, Outsider was responsible for 55,000 spam texts flagged by Android users. During the same timeframe, 2.5 million messages were sent by the network to Android users containing links to Outsider-generated websites.

In addition, 9,000 fake websites and more than 1.59 million fraudulent URLs tied to the phishing service have been identified between November 14, 2025, and April 14, 2026.

Protection Steps

1. “We’re filing a lawsuit to dismantle their infrastructure, coordinating with the FBI who will be taking law enforcement actions, and will continue to work with AT&T, T-Mobile and Verizon to block these texts before they reach you,” Google wrote.

2. The company has also disabled Gemini accounts and infrastructure confirmed to be linked to abuse of the model.

Analysis

As AI tooling proliferates, security teams face expanding attack surfaces tied to model inference and data pipelines.

Sources

1. https://blog.google/innovation-and-ai/technology/safety-security/combatting-ai-scams/