- Target Op: “Lighthouse” kit, Chinese PhaaS for SMS scams; Google sues 25 for impersonating brands like E-ZPass, USPS.
- Scale: 107 Google templates, 32K+ fake sites; hit 1M+ users in 121 countries, stole 12M+ cards since 2023.
- Tactics: Smishing Triad sells kit for $88/week, templates, SMS tools; automates phishing for novices, fake toll/package alerts.
- Disruption: Lawsuit under RICO/Lanham Act; Telegram channels down, servers blocked, Google backs US bills for scam fights.
Google filed a lawsuit this week against a Chinese cyber ring running the “Lighthouse” operation, a phishing kit that’s made SMS scams easier for crooks worldwide. The suit targets 25 unnamed folks accused of selling templates that mimic big brands to trick people into handing over logins and card details via fake texts. It’s the first major crackdown on a PhaaS (phishing-as-a-service) setup, showing how AI and kits are arming low-level hackers to hit millions fast.
Lighthouse, tied to the Smishing Triad crew since 2023, offers over 600 fake site templates, 116 with Google’s logo, for quick scams like bogus toll fees or package updates. Users pay $88 a week or $1,588 yearly for tools that generate domains, send bulk SMS, and evade blocks, hitting banks, delivery firms, and more across 74 countries. Google says it’s snared 1 million victims in 121 spots, stealing 12-115 million cards in the US alone, with sites getting 50K visits each.
The kit’s “phishing for dummies” vibe lets anyone spin up campaigns without coding skills, filtering templates by region or brand. It’s part of a bigger Chinese ecosystem with Lucid and Darcula, where teams share forums for tips, payments, and data sales. Google claims RICO fraud and trademark abuse, seeking to seize domains and shut servers, Telegram channels vanished fast, with a message about “malicious complaints” blocking their cloud.
Anthropic’s Halimah DeLaine Prado called it relentless scamming, exploiting trust in Google and others. The suit’s long game, subpoena ISPs for IDs, block infrastructure, pairs with backing three US bills: GUARD Act for elder fraud probes, Foreign Robocall taskforce, and SCAM Act against scam compounds. New features flag AI scam texts like fake deliveries, plus recovery contacts for locked accounts.
Twitter’s lit with reactions, security pros praising the takedown, but warning kits evolve quick. This bust spotlights PhaaS growth, where $1K buys a scam empire; firms must train on spotting texts and use MFA to stay safe.
Other Resources
Google Cracks Smishing Kit | Hacker News on PhaaS | Google Policy Push
[1](https://www.infosecurity-magazine.com/news/google-lawsuit-dismantle/)
[2](https://www.securityweek.com/google-says-chinese-lighthouse-phishing-kit-disrupted-following-lawsuit/)
[3](https://www.moneycontrol.com/technology/google-sues-to-shut-down-china-based-lighthouse-network-accused-of-scamming-millions-with-fake-google-branded-phishing-kits-article-13674671.html)
[4](https://www.malwarebytes.com/blog/news/2025/11/1-million-victims-17500-fake-sites-google-takes-on-toll-fee-scammers)
[5](https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html)
[6](https://timesofindia.indiatimes.com/technology/tech-news/google-sues-china-based-hacking-group-says-misusing-big-brands-including-e-zpass-google-and-others-to-trap-users/articleshow/125272783.cms)
[7](https://www.darkreading.com/threat-intelligence/google-dim-lighthouse-phishing-as-a-service)
[8](https://blog.google/outreach-initiatives/public-policy/legal-action-and-legislation-fight-scammers/)
[9](https://www.cnbc.com/2025/11/12/google-e-zpass-usps-text-scam-phishing-suit.html)
[10](https://www.npr.org/2025/11/12/nx-s1-5604857/google-lawsuit-phishing-text-message-scammers)
[11](https://www.wired.com/story/lighthouse-google-lawsuit-scam-text-messages/)
![Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]](https://sumtrix.com/wp-content/uploads/2025/06/30-12-120x86.jpg "Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]")
