Ethical Hacking News
Google takes on China-based hackers behind $1 billion Lighthouse phishing platform in a civil lawsuit filed in the U.S. District Court for the Southern District of New York (SDNY). The PhaaS kit has been linked to over 17,500 phishing domains and is used to conduct large-scale SMS phishing attacks that exploit trusted brands. Google's lawsuit aims to dismantle the underlying infrastructure of Lighthouse under various laws.
Google has filed a civil lawsuit against Lighthouse, a China-based phishing-as-a-service (PhaaS) platform used in large-scale SMS phishing attacks. The PhaaS kit has ensnared over 1 million users across 120 countries and has generated more than $1 billion over the past three years. Google's General Counsel, Halimah DeLaine Prado, states that at least 107 website templates featuring Google's branding were found on sign-in screens designed to trick people into believing the sites are legitimate. The Lighthouse platform is part of an interconnected cybercrime ecosystem operating out of China and has been linked to the sending of thousands of smishing messages via Apple iMessage and Google Messages' RCS capabilities. Phishing templates associated with Lighthouse are licensed for anywhere from $88 for a week to $1,588 for a yearly subscription.
Google has taken the unprecedented step of filing a civil lawsuit against a group of China-based hackers who have been behind a massive phishing-as-a-service (PhaaS) platform called Lighthouse. The platform, which has ensnared over 1 million users across 120 countries, is used to conduct large-scale SMS phishing attacks that exploit trusted brands like E-ZPass and USPS to steal people's financial information.
According to reports, the PhaaS kit serves fake websites whose sign-in screens appear to be legitimate, and users are tricked into clicking on links related to fake toll fees or package deliveries. While the scam itself may seem simple, it is the industrial scale of the operation that has allowed it to rake in more than $1 billion over the past three years.
Google's General Counsel, Halimah DeLaine Prado, stated that the company has found at least 107 website templates featuring Google's branding on sign-in screens specifically designed to trick people into believing the sites are legitimate. The company is taking legal action to dismantle the underlying infrastructure of the Lighthouse platform under the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud and Abuse Act.
Lighthouse, along with other PhaaS platforms like Darcula and Lucid, is part of an interconnected cybercrime ecosystem operating out of China that has been linked to sending thousands of smishing messages via Apple iMessage and Google Messages' RCS capabilities to users in the U.S. and beyond. These kits have been put to use by a smishing syndicate tracked as Smishing Triad.
In a report published in September, Netcraft revealed that Lighthouse and Lucid have been linked to over 17,500 phishing domains targeting 316 brands from 74 countries. Phishing templates associated with Lighthouse are licensed for anywhere from $88 for a week to $1,588 for a yearly subscription.
Swiss cybersecurity company PRODAFT stated that "while Lighthouse operates independently of the XinXin group, its alignment with Lucid in terms of infrastructure and targeting patterns highlights the broader trend of collaboration and innovation within the PhaaS ecosystem."
The estimated number of payment cards compromised by Chinese smishing syndicates between July 2023 and October 2024 is staggering - ranging from 12.7 million to 115 million in the U.S. alone. In recent years, cybercrime groups from China have also evolved to develop new tools like Ghost Tap to add stolen card details to digital wallets on iPhones and Android phones.
As recently as last month, Palo Alto Networks Unit 42 reported that the threat actors behind Smishing Triad have used more than 194,000 malicious domains since January 1, 2024. These domains mimic a wide range of services, including banks, cryptocurrency exchanges, mail and delivery services, police forces, state-owned enterprises, and electronic tolls.
The Lighthouse PhaaS platform is just one example of the complex cybercrime ecosystem that operates out of China. Researchers have long identified this region as a hub for malicious activities, from phishing to malware distribution.
The threat posed by these platforms cannot be overstated. The sheer number of users targeted and the financial rewards make them an attractive option for organized crime groups. Furthermore, the ease with which new domains can be created and distributed highlights the agility of these cybercrime networks.
In light of this growing threat landscape, it is essential that governments and cybersecurity companies work together to dismantle these platforms and disrupt their operations. Google's lawsuit is a significant step in this direction, as it signals a concerted effort to hold accountable those responsible for this type of malicious activity.
The impact of the Lighthouse PhaaS platform extends beyond financial loss - it also highlights the need for greater awareness about cybersecurity best practices among users. As more and more services move online, the risk of phishing attacks increases exponentially.
In conclusion, the story of Lighthouse PhaaS serves as a stark reminder of the evolving threat landscape in the world of cybercrime. As governments and cybersecurity companies continue to work together to disrupt these platforms, it is essential that individuals also take steps to protect themselves from this type of malicious activity.
Published: Wed Nov 12 23:04:54 2025 by llama3.2 3B Q4_K_M