A PYMNTS Company

Google Sues Alleged China-Based Hackers Over Widespread Phishing Scheme

By  |  December 22, 2025

Alphabet’s Google has filed a lawsuit accusing a China-based cybercrime network of running a large-scale phishing operation that targeted Americans and sought to steal their credit card information, according to Bloomberg.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The complaint, filed Wednesday, alleges that the group, known as Darcula, created and distributed a malicious software kit that allowed even low-skilled users to send automated waves of text messages posing as offers for free Google services, such as YouTube Premium. Per Bloomberg, those messages were designed to trick recipients into handing over sensitive financial details, which were then used to siphon money from victims.

    Google claims the operation was extensive in both scale and impact. According to Bloomberg, the company estimates that nearly 900,000 credit card numbers were stolen over a seven-month period, including about 40,000 belonging to US residents. At its peak, the campaign was responsible for as much as 80% of all phishing text messages detected and involved roughly 600 individuals participating in the scheme.

    Legal actions like this one are increasingly used by major technology companies as a way to disrupt cybercrime, rather than simply responding to individual incidents. As Bloomberg reports, firms such as Google and Microsoft Corp. often seek court approval to seize or shut down the online infrastructure used by scammers. By taking control of domains and related services, companies aim to interrupt criminal operations and make them more costly or difficult to restart.

    Related: Google Faces Antitrust Scrutiny Over AI Overviews and News Content

    The lawsuit also highlights the growing sophistication of the tools allegedly used by the group. According to the complaint cited by Bloomberg, the latest version of the Darcula software includes an artificial intelligence feature capable of generating convincing replicas of nearly any website within minutes, making phishing attempts harder for users to detect.

    Representatives of the alleged cybercriminal group were not immediately reachable for comment. A Telegram channel referenced in the lawsuit and reportedly used by members of the group is no longer active, according to Bloomberg.

    Google said in its filing that it decided to pursue legal action because the operation relied heavily on Google’s branding, forcing the company to spend significant time and resources fighting fraudulent activity linked to the scheme. The lawsuit follows another action taken by Google in November, when it sued a separate group accused of sending deceptive text messages warning recipients about unpaid tolls or undelivered packages, per Bloomberg.

    Source: Bloomberg