Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

Google Sues to Dismantle Chinese Phishing Platform Behind US Toll Scams




Google has filed a lawsuit against Lighthouse, a phishing-as-a-service (PhaaS) platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks that impersonate the U.S. Postal Service (USPS) and E-ZPass toll systems. The lawsuit aims to shut down the website infrastructure supporting the Lighthouse PhaaS, which has affected over 1 million victims across 120 countries.

  • Google has filed a lawsuit against Lighthouse, a phishing-as-a-service (PhaaS) platform used by cybercriminals worldwide.
  • Lighthouse has affected over 1 million victims across 120 countries with its SMS phishing attacks that impersonate the U.S. Postal Service and E-ZPass toll systems.
  • The platform offers phishing templates and infrastructure to other cybercriminals, allowing them to steal personal information and credit card numbers.
  • Google has found at least 107 phishing website templates featuring its own branding to boost the sites' reputations.
  • The operation uses customizability features that allow it to steal login credentials and two-factor authentication (2FA) codes.
  • Lighthouse is linked to a Chinese threat actor known as "Wang Duo Yu" who operates Telegram channels to sell and support the phishing kits.
  • Google supports several U.S. policy initiatives aimed at protecting consumers from scams and foreign-based cybercrime, including the GUARD Act, Foreign Robocall Elimination Act, and SCAM Act.



    • Google has filed a lawsuit against Lighthouse, a phishing-as-a-service (PhaaS) platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks that impersonate the U.S. Postal Service (USPS) and E-ZPass toll systems. The lawsuit aims to shut down the website infrastructure supporting the Lighthouse PhaaS, which Google says has affected over 1 million victims across 120 countries.

    According to Google, Lighthouse offers phishing templates and infrastructure to other cybercriminals, allowing them to send text messages claiming to be from well-known services like USPS or toll payment systems like EZPass. These links in the smishing texts point to sites that impersonate toll authorities that claim the visitor has unsettled toll charges. However, the main goal of these sites is to steal personal information and credit card numbers for use in additional financial fraud.

    The phishing page victims land onSource: BleepingComputer
    Google says it found at least 107 phishing website templates that feature its own branding to boost the sites' reputations. They exploit the reputations of Google and other brands by illegally displaying their trademarks and services on fraudulent websites. Researchers at Cisco Talos have previously linked Lighthouse to smishing kits developed by the Chinese threat actor known as "Wang Duo Yu," who operates Telegram channels to sell and support the Lighthouse phishing kits.

    The phishing platform enables threat actors to send text messages via iMessage (iOS) and RCS (Android), potentially evading spam filters. Talos reports that since October 2024, multiple threat actors have used Wang Duo Yu's kits to run toll road scams across the United States, sending fake E-ZPass billing alerts to users in states including Washington, Florida, Pennsylvania, Virginia, Texas, Ohio, Illinois, and Kansas.

    The operation has been ongoing, with thousands of typosquatted domains used in these scams. Netcraft also reported that Wang Duo Yu marketed Lighthouse as a commercial phishing kit, with subscription prices ranging from $88 per week to $1,588 per year. The platform supported customizable templates that could steal both login credentials and two-factor authentication (2FA) codes.

    The group previously operated under the name "Smishing Triad" before rebranding as Lighthouse in March 2025. Similar campaigns have been attributed to other Chinese threat actors running phishing-as-a-service platforms, such as Darcula and Lucid. However, Netcraft says that Lighthouse uses the same 'LOAFING OUT LOUD' fake shop template as Lucid, indicating a possible connection between the groups.

    Google also announced today the support for several U.S. policy initiatives that aim to protect consumers from scams and foreign-based cybercrime:

    * The GUARD Act empowers state and local law enforcement to investigate fraud targeting retirees.
    * The Foreign Robocall Elimination Act creates a task force to block illegal robocalls originating overseas.
    * The SCAM Act establishes a national strategy to counter scam compounds and impose sanctions on operators.

    Google says it is expanding its use of AI to detect scam messages, adding new protections in Google Messages, and improving account recovery through Recovery Contacts. The company will also continue to provide public education and partnership efforts to help users recognize these types of scams.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Google-Sues-to-Dismantle-Chinese-Phishing-Platform-Behind-US-Toll-Scams-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/google-sues-to-dismantle-chinese-phishing-platform-behind-us-toll-scams/

  • https://www.bleepingcomputer.com/news/security/google-sues-to-dismantle-chinese-platform-behind-global-toll-scams/

  • https://www.cbsnews.com/news/google-lawsuit-text-message-phishing-attacks/

  • https://www.tomshardware.com/tech-industry/cyber-security/google-sues-chinese-hacker-group-it-says-stole-usd1-billion-from-a-million-victims-in-121-countries-lighthouse-platform-offers-phishing-services-to-crooks-for-a-monthly-fee

  • https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html


    • Published: Wed Nov 12 15:47:51 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us