Pierluigi Paganini November 12, 2025

Google sues China-based group using “Lighthouse” phishing kit in large-scale smishing attacks to steal victims’ financial data.

Google filed a lawsuit against a cybercriminal group largely based in China that is behind a massive text message phishing operation, or “smishing.” The organization uses a phishing-as-a-service kit named “Lighthouse” to steal sensitive financial information by sending fraudulent text messages.

The tech giant has filed claims under the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud and Abuse (CFAA) Act.

First detailed in August 2023 by Resecurity, a California-based cybersecurity company protecting Fortune 100 companies and governments worldwide, Smishing Triad’s activity affected consumers across the globe, including Australia, Austria, France, Greece, Germany, Italy, the U.S., the U.K., the Kingdom of Saudi Arabia, the UAE, and New Zealand.

According to Resecurity, the “LightHouse” kit distribution was organized through Telegram. The identified templates include fake pages impersonating UPS, USPS, the UK government, and various telecoms.

According to Google, the Smishing Triad’s operations have comprised between 12.7 million and 115 million credit cards in the U.S. alone, with victims spanning across 120 countries.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, malware)