Chinese cybercrime operation that used AI to scam ‘hundreds of thousands of victims’ sued by Google
Google is suing to dismantle the infrastructure behind an alleged massive AI-powered cybercrime operation. On Friday, the tech giant announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses AI in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers.
Outsider Enterprise has financially scammed “hundreds of thousands of victims” with losses “estimated in the millions.” The group deployed 9,000 fake websites, one million fraudulent web domains, and 2.5 million texts sent to Android users in a two-week period, according to Google. The company said, “55,000 spam texts were flagged by Android users in just two weeks this past May — that’s more than two text spam complaints a minute.”
Google said it uses “AI-powered tools to fight AI-powered scams,” which enable the company to detect scams and alert users of suspicious calls and text messages, leading to the interception of more than 10 billion scam messages a month. The company said it has been collaborating with AT&T, T-Mobile, and Verizon to block the scam text messages, and said it is coordinating with the FBI.
An FBI spokesperson told TechCrunch that the bureau, in coordination with Google and Lumen’s Black Lotus Labs, seized several domains used by the cybercriminals, as well as Shopify storefronts and accounts used to test the operation’s phishing service. The spokesperson said that since July 2023, Outsider Enterprise’s phishing platform enabled cybercriminals to steal “at least an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9B in losses.”
Inside Outsider Enterprise
In its complaint filed as part of the lawsuit, Google laid out the evidence it gathered against people involved in the Outsider Enterprise operations, whom the company said are foreign-based cybercriminals whose real identities are unknown. This group “built, maintains, and uses a turn-key, online software suite that enables criminals, regardless of technical skill, to publish fraudulent websites designed to rob victims and enrich themselves,” according to the complaint.
Google said this “phishing-for-dummies” software called Outsider, which costs $88 per week or $200 per month, allows operators to create fake websites with the help of AI platforms, including Google’s own Gemini. The fake sites impersonate several services and companies, such as telecom providers, financial institutions, government agencies, and retailers.
To lure people to the fake websites, the cybercriminals collaborate with one another to send victims malicious text messages, or purchase ads. The common goal is to steal passwords and corresponding multi-factor codes as well as financial information, which the scammers can do by receiving the data that victims input into the fake websites, with the information being transmitted through Outsider’s platform in real time.
“Part of the Outsider software’s appeal is the ease with which someone with limited technical expertise — like many members of the Enterprise — can purchase the software, execute various phishing attacks, and, upon purchase, meet other members of the Enterprise who are proficient in other areas,” Google wrote, referring to Telegram channels where the cybercriminals can collaborate, train each other, discuss strategies, and develop phishing attacks. “The Enterprise brazenly coordinates its efforts in open and largely uncoded discussions on Telegram.”
According to Google, the Outsider platform allegedly offers cybercriminals “more than 290 pre-built templates that mimic the legitimate websites” that generate replicas of real websites “in minutes,” along with guides on how to “weaponize AI-generated code,” as well as a dashboard to track progress of phishing campaigns. The cybercriminals have allegedly used Google Drive and Google Cloud infrastructure to host the phishing websites.
“The Outsider software has been used to create over a million phishing websites to swindle innocent victims out of millions of dollars,” Google wrote in the complaint. To give an idea of the scale of Outsider Enterprise’s operation, Google said that over a five-month period, from November 14, 2025 to April 14, 2026, the company detected more than 1.59 million URLs connected to it.
Google said the Outsider Enterprise operation is made up of several groups of cybercriminals: those who develop and maintain the phishing software and website templates; those who supply lists of targets curated from public records, social media, and data breaches; a “spammer group” that provides tools and the infrastructure to send scam texts in bulk, which includes smartphone banks, SIM cards, and modems; and those who monetize the stolen credentials and launder the stolen money.
The cybercriminals have stolen “at least 36,000 payment cards issued by financial institutions in 95 countries,” according to Google. The company accused the people behind Outsider Enterprise of impersonating Google and its brands, infringing its copyright, racketeering, wire fraud, and false advertising. With the lawsuit, Google is seeking compensatory and punitive damages, and an order to stop the criminals from carrying out their activities.