Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries.

Lighthouse, along with other PhaaS platforms like Darcula and Lucid, is part of an interconnected cybercrime ecosystem operating out of China that is known to send thousands of smishing messages via Apple iMessage and Google Messages’ RCS capabilities to users in the U.S. and beyond in hopes of stealing sensitive data. These kits have been put to use by a smishing syndicate tracked as Smishing Triad.

In a report published in September, Netcraft revealed that Lighthouse and Lucid have been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. Phishing templates associated with Lighthouse are licensed from anywhere between $8 for a week to $1,588 for a yearly subscription.

It’s estimated that Chinese smishing syndicates may have compromised between 12.7 million and 115 million payment cards in the U.S. alone between July 2023 and October 2024. In recent years, cybercrime groups from China have also evolved to develop new tools like Ghost Tap to add stolen card details to digital wallets on iPhones and Android phones.

To read the complete article see: The Hacker News