Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google sues cybercriminal group Smishing Triad

Google sues China-based group using “Lighthouse” phishing kit in large-scale smishing attacks to steal victims’ financial data. Google filed a lawsuit against a cybercriminal group largely based in China that is behind a massive text message phishing operation, or “smishing.” The organization uses a phishing-as-a-service kit named “Lighthouse” to steal sensitive financial information by sending […]

Google Artificial intelligence

Image Source: CNBC

Google sues China-based group using “Lighthouse” phishing kit in large-scale smishing attacks to steal victims’ financial data.

Google filed a lawsuit against a cybercriminal group largely based in China that is behind a massive text message phishing operation, or “smishing.” The organization uses a phishing-as-a-service kit named “Lighthouse” to steal sensitive financial information by sending fraudulent text messages.

The tech giant has filed claims under the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud and Abuse (CFAA) Act.

First detailed in August 2023 by Resecurity, a California-based cybersecurity company protecting Fortune 100 companies and governments worldwide, Smishing Triad’s activity affected consumers across the globe, including Australia, Austria, France, Greece, Germany, Italy, the U.S., the U.K., the Kingdom of Saudi Arabia, the UAE, and New Zealand.

According to Resecurity, the “LightHouse” kit distribution was organized through Telegram. The identified templates include fake pages impersonating UPS, USPS, the UK government, and various telecoms.

According to Google, the Smishing Triad’s operations have comprised between 12.7 million and 115 million credit cards in the U.S. alone, with victims spanning across 120 countries.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, malware)