Google is taking legal action against a Chinese cybercrime group that utilized Gemini to create phishing websites and dispatch 2.5 million fraudulent text messages.

      Google has filed a lawsuit against Outsider Enterprise, a Chinese cybercrime network that employed Gemini AI to create phishing websites and sent 2.5 million fraudulent texts over two weeks. The FBI is involved in the situation.

      On Friday, Google initiated legal action to dismantle the operation of the Outsider Enterprise group, which utilized AI, including Google's own Gemini, to produce phishing sites and dispatch scam messages impersonating Google and other brands. In a span of two weeks, this group sent 2.5 million fake texts to Android users.

      The operation set up 9,000 counterfeit websites and 1 million illegitimate web domains intended to steal passwords and credit card information. According to Google, the group has financially defrauded “hundreds of thousands of victims,” with losses estimated in the millions. In May alone, Android users reported 55,000 spam texts, averaging over two complaints each minute.

      The court documents reveal a particularly troubling aspect: members of Outsider Enterprise encouraged one another to utilize Gemini for creating tailored code for phishing sites, which was then integrated into their software suite to create live scam pages. Ironically, Google’s own AI was leveraged to build tools that targeted Google users.

      The group communicated via Telegram and disseminated “phishing kits” that enabled less experienced criminals to execute fake text campaigns impersonating trusted brands. Google stated that it employs “AI-powered tools to combat AI-powered scams,” successfully intercepting over 10 billion scam messages monthly through its detection systems.

      Google is collaborating with the FBI, which is undertaking unspecified law enforcement actions, and is also partnering with AT&T, T-Mobile, and Verizon to intercept scam texts before they reach users. The FBI has not provided a comment on the matter.

      This lawsuit is civil rather than criminal, indicating that Google seeks to eliminate the operation's infrastructure instead of pursuing prison time for individuals involved. Such actions are becoming more common among major tech companies targeting cybercrime operations, particularly when law enforcement is slow or unable to act, especially when perpetrators operate from jurisdictions beyond the reach of Western authorities.

      The scale of this operation highlights the affordability of AI-driven scams. Previously, creating thousands of convincing phishing sites required skilled developers. Now, a Telegram group can leverage advanced AI models to generate code and deploy it at scale. AI is making attack tools more economical across various categories, from discovering vulnerabilities to social engineering. Outsider Enterprise exemplifies the distribution aspect of industrial-scale fraud facilitated by readily available AI technology.

      Google has stated it will keep investing in AI-driven scam detection and encouraged users to activate the spam protection features on Android. However, the unsettling reality is that the same company offering the AI is now taking legal action against those who misused it for illegal purposes. The challenge of securing AI agents is not merely a product feature issue. With tools that are so powerful and accessible, the ongoing battle between creators and abusers is inevitable.