ZadeNor AI
Back to Blog
Cybersecurity

Google Sues to Disrupt Chinese SMS Phishing Triad

December 3, 2025
5 min
2,428 views
By ZadeNor AI Team
Google Sues to Disrupt Chinese SMS Phishing Triad

Google Sues to Disrupt Chinese SMS Phishing Triad

Google Sues to Disrupt Chinese SMS Phishing Triad

Google has taken a significant step in combating the growing threat of SMS phishing by filing a lawsuit against more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service. The service, known as Lighthouse, has been used to target hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.

The Scale of the Problem

The scale of the Lighthouse phishing attacks is staggering. According to a May 2025 report from Silent Push, the domains used by the Smishing Triad are rotated frequently, with approximately 25,000 phishing domains active during any 8-day period. This suggests that the group is highly organized and has a significant infrastructure in place to support their operations.

How Lighthouse Works

Lighthouse is a sophisticated phishing kit that makes it simple for even novices to steal payment card data from mobile users. The kit includes over 600 templates for phishing websites of more than 400 entities, and Google's logos were featured on at least a quarter of those templates. The phishing sites are designed to look like legitimate websites, and they use various tactics to trick victims into entering their payment information.

The Smishing Triad

The Smishing Triad is a group of threat actors that work together to design and implement complex criminal schemes targeting the general public. The group includes a "developer group" that supplies the phishing software and templates, a "data broker group" that provides a list of targets, a "spammer group" that provides the tools to send fraudulent text messages in volume, a "theft group" that monetizes the phished information, and an "administrative group" that runs their Telegram support channels and discussion groups designed to facilitate collaboration and recruit new members.

Google's Lawsuit

Google's lawsuit alleges that the purveyors of Lighthouse violated the company's trademarks by including Google's logos on countless phishing websites. The complaint says Lighthouse offers over 600 templates for phishing websites of more than 400 entities, and that Google's logos were featured on at least a quarter of those templates. Google is also pursuing Lighthouse under the Racketeer Influenced and Corrupt Organizations (RICO) Act, saying the Lighthouse phishing enterprise encompasses several connected threat actor groups that work together to design and implement complex criminal schemes targeting the general public.

The Impact of Google's Lawsuit

Google's lawsuit may temporarily disrupt the Lighthouse operators, and could make it easier for U.S. federal authorities to bring criminal charges against the group. However, the Chinese mobile phishing market is so lucrative right now that it's difficult to imagine a popular phishing service voluntarily turning out the lights. According to Silent Push, a majority of the phishing sites created with these kits are sitting at two Chinese hosting companies: Tencent (AS132203) and Alibaba (AS45102).

The Future of Phishing

If Google can bring that kind of legal pressure consistently over time, they might succeed in increasing costs for the phishers and more frequently disrupting their operations. However, the Lighthouse guys will probably burn down their Telegram channels and disappear for a while. They might call it something else or redevelop their service entirely. But I don't believe for a minute they're going to close up shop and leave forever.

Conclusion

The fight against phishing is a never-ending battle, and Google's lawsuit is just one piece of the puzzle. As long as there are people looking to make a quick buck by exploiting others, there will be phishing. But with the help of companies like Google, and the efforts of law enforcement and cybersecurity experts, we can make it harder for phishers to operate and make it safer for users to navigate the online world.

Forward-Looking Thoughts

As the phishing landscape continues to evolve, it's essential for users to stay vigilant and take steps to protect themselves. This includes being cautious when clicking on links or entering sensitive information online, using strong passwords and two-factor authentication, and keeping software and operating systems up to date. By working together, we can create a safer online environment for everyone.

Implications

The implications of Google's lawsuit are far-reaching, and it has the potential to disrupt the entire phishing ecosystem. If successful, it could lead to a significant decrease in phishing attacks and a safer online environment for users. However, it's essential to note that phishing is a constantly evolving threat, and new tactics and techniques will emerge in response to these efforts.

Real-World Applications

The real-world applications of Google's lawsuit are numerous. It has the potential to impact not only individuals but also businesses and organizations that rely on online transactions. By reducing the number of phishing attacks, it can help to increase trust and confidence in online transactions, which can have a positive impact on the economy.

Technical Details

The technical details of Lighthouse are complex and involve the use of various tools and techniques to create and distribute phishing sites. The kit includes over 600 templates for phishing websites of more than 400 entities, and Google's logos were featured on at least a quarter of those templates. The phishing sites are designed to look like legitimate websites, and they use various tactics to trick victims into entering their payment information.

Accessibility

The accessibility of Lighthouse is a significant concern, as it has been used to target hundreds of trusted brands and blast out text message lures. The kit is designed to be user-friendly, making it accessible to even novice phishers. However, this also means that it's essential for users to be cautious when clicking on links or entering sensitive information online.

Conclusion

In conclusion, Google's lawsuit against the Lighthouse phishing service is a significant step in combating the growing threat of SMS phishing. The scale of the problem is staggering, and the implications are far-reaching. By working together, we can create a safer online environment for everyone.

Source: https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/

Source: https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/

About the Author

ZadeNor AI Team is a leading expert in CYBERSECURITY, contributing to cutting-edge research and development in the field.

Share this article

TwitterLinkedInFacebookWhatsAppRedditEmail

Related Posts

Alleged Kimwolf Botmaster 'Dort' Arrested, Charged in U.S. and Canada

Alleged Kimwolf Botmaster 'Dort' Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.

419
5 min
CISA Admin Leaked AWS GovCloud Keys on Github

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

411
5 min
'Scattered Spider' Member 'Tylerb' Pleads Guilty

'Scattered Spider' Member 'Tylerb' Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.

589
5 min