TL;DR
Google has sued a suspected Chinese cybercrime group called the Outsider Enterprise for sending 2.5 million fraudulent text messages to Android users. The scammers allegedly used Google’s Gemini chatbot to code malicious websites, coordinated via Telegram, and generated 9,000 fake sites and over one million fraudulent URLs.
Google has filed a lawsuit against a suspected Chinese cybercrime operation it calls the Outsider Enterprise, alleging the group sent more than 2.5 million fraudulent text messages to Android users over a two-week period in May. The messages contained links to fake websites designed to steal personal information, and the scammers reportedly used Google’s own Gemini chatbot to help build those sites.
The complaint, first reported by Bloomberg, accuses the network of targeting hundreds of thousands of people across the United States. According to Google, the operation generated 9,000 fake websites and more than one million fraudulent URLs.
How the operation worked
The Outsider Enterprise coordinated through Telegram, distributing links via text messages that impersonated Google and other trusted brands. The messages contained urgent warnings about supposedly compromised accounts or alerts about package tracking.
Once users clicked, they were redirected to websites that asked for confidential information. The scammers reportedly encouraged one another to use Gemini to write the custom code necessary to create those malicious websites, according to the complaint.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
A pattern of escalation
The lawsuit marks Google’s second major legal action against China-based text message scam operations in seven months. In November 2025, the company filed a RICO lawsuit against a group it called Lighthouse, which operated a “phishing-as-a-service” platform selling ready-made scam kits.
That earlier operation was accused of compromising between 15 million and 100 million credit cards in the US alone, according to CNBC. Google said a temporary restraining order effectively shut Lighthouse down within hours of the complaint being filed.
The Outsider Enterprise case follows the same playbook but adds a new dimension: the explicit use of generative AI as a tool in the scam supply chain. Where Lighthouse sold phishing kits, Outsider’s members allegedly used Gemini to generate code for their own operations.
The AI misuse problem keeps growing
The allegation that scammers used Gemini to build fraudulent infrastructure sits within a broader pattern of AI tools being weaponised for cybercrime. Google’s own Threat Intelligence Group reported in May 2026 that state-sponsored actors from China, North Korea, and Russia are using AI for vulnerability research, autonomous malware development, and supply chain attacks.
ESET, the cybersecurity firm, identified in February 2026 the first known Android malware to integrate generative AI directly into its execution flow. That malware, called PromptSpy, used the Gemini API to autonomously navigate victim devices.
The cybersecurity industry’s push toward governed AI has only intensified as these cases multiply. The pattern is clear: the same tools built to assist developers and consumers are being repurposed by criminal networks.
Telecom companies joined the fight
Google said it worked with AT&T, T-Mobile, and Verizon to block the Outsider Enterprise’s texts from reaching potential victims. Nasrin Rezai, Verizon’s chief information security officer, framed the effort as a cross-industry response.
“We look forward to standing with Google, the telecom industry, and federal law enforcement in this coordinated effort to dismantle malicious domains and disrupt global cybercrime operations,” Rezai said in a statement. The cooperation between a tech platform and the three largest US carriers reflects the scale of the threat.
What the complaint does not say
The complaint did not specify an estimated amount of money lost because of the spam messages. It also did not detail how many victims actually handed over personal information after clicking the fraudulent links.
Meanwhile, China’s own regulators have launched enforcement campaigns against AI misuse, targeting deepfakes, fraud, and disinformation. Whether those domestic efforts will address operations like the Outsider Enterprise, which allegedly targeted US consumers from China, remains an open question.
The flags
The 2.5 million messages and the 9,000 fake websites are figures cited from Google’s own complaint, not independently verified totals. The complaint identifies the defendants as a suspected Chinese operation but does not name individual defendants.
Bloomberg’s report is the primary source for the lawsuit details. The specific claim that scammers used Gemini to write code for malicious websites comes from the complaint itself and has not been independently corroborated beyond Google’s own filings.
