
Google Files Lawsuit Against Operators of Major Phishing Service Based in China

11/14/2025

Google has taken the unusual step of filing a civil lawsuit to shut down a cybercrime platform it says has played a major role in global smishing activity. The company went to the United States District Court for the Southern District of New York to target the people behind Lighthouse, a large-scale phishing-as-a-service operation that has affected more than one million users across one hundred twenty countries.

This legal action reflects a growing trend among major technology companies. Rather than simply blocking malicious activity, they are working to dismantle the services that power these attacks.

What Happened

Lighthouse is a subscription-based service designed to help criminals run high-volume SMS phishing campaigns. These campaigns impersonate trusted brands such as postal services and electronic tolling providers. Victims often receive a text claiming that a toll fee is overdue or that a package needs additional information. When they click the link, they are taken to a convincing but fraudulent website that steals financial and personal data.

Google discovered more than one hundred templates used by Lighthouse that copied Google branding on fake sign-in pages. According to the company, this impersonation is one of the reasons it is taking the matter to court. The lawsuit cites several major United States laws, including the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act.

A Look Inside the Lighthouse Network

Lighthouse is not operating alone. It is part of a broader group of phishing-as-a-service providers that originate in China. Other well-known platforms in this ecosystem include Darcula and Lucid. These services work together in ways that allow criminals to launch large numbers of smishing messages through Apple iMessage and through the RCS capabilities of Google Messages.

Security firms have been monitoring this activity closely. Netcraft reported that Lighthouse and Lucid have been linked to more than seventeen thousand five hundred phishing domains that targeted more than three hundred brands in seventy-four countries. Subscriptions for Lighthouse templates range from eighty-eight dollars per week to one thousand five hundred eighty-eight dollars per year, depending on the package.

PRODAFT, a cybersecurity company based in Switzerland, noted that Lighthouse shares infrastructure patterns with Lucid even though it operates separately. This collaboration reflects a growing trend of interconnected phishing providers that trade tools and techniques.

Impact on Victims

Researchers estimate that smishing groups operating from China may have compromised between twelve point seven million and one hundred fifteen million United States payment cards between July 2023 and October 2024. These groups continue to evolve their tools. One recent example is a method called Ghost Tap, which adds stolen card data to smartphone digital wallets on both iPhone and Android devices.

Palo Alto Networks Unit 42 reported that members of a syndicate known as Smishing Triad used more than one hundred ninety four thousand malicious domains since the beginning of 2024. These domains impersonated banks, cryptocurrency platforms, delivery companies, police agencies, toll providers, and numerous other services.

According to Silent Push, all three platforms (Lighthouse, Darcula, and Lucid) appear to be used by Smishing Triad. Threat actors often switch between them depending on operational needs. Security analysts also noted that Chinese-speaking actors openly discuss tactics and share knowledge within private messaging channels, further connecting these services and the larger smishing ecosystem.

Key Takeaways

  • Google has filed a lawsuit in New York against the operators of Lighthouse
  • Lighthouse has helped criminals run large-scale SMS phishing campaigns that imitate trusted brands
  • The service has affected more than one million people across more than one hundred countries
  • Lighthouse is tied to thousands of phishing domains and a large network of related platforms including Darcula and Lucid
  • Smishing Triad, a coordinated criminal group, uses these platforms to target victims across the world
  • Chinese smishing groups may have compromised tens of millions of United States payment cards
  • Google aims to dismantle the infrastructure supporting Lighthouse through multiple United States laws

Final Thoughts

The scale of Lighthouse shows how organized and commercialized cybercrime has become. These phishing-as-a-service operations function like full businesses, offering templates, support, and infrastructure to anyone willing to subscribe. By taking legal action, Google is signaling that simply blocking malicious domains is no longer enough. Companies must disrupt the platforms that make these attacks easy and profitable.

Cybercrime continues to evolve and so must the strategies used to combat it. This lawsuit may become a model for future efforts to shut down large and sophisticated phishing operations.

Call to Action

If your organization wants stronger protection against phishing attacks and modern cyber threats, Skyriver IT is here to help. Our team provides comprehensive security monitoring, staff training, and proactive defense strategies designed to keep your business safe. Contact Skyriver IT today to schedule a consultation and strengthen your security posture before the next wave of attacks arrives.
