Google has filed a federal lawsuit against three individuals in China to disrupt an extensive SMS phishing, or ‘smishing’, campaign. The civil complaint, submitted to the U.S. District Court for the Southern District of New York, identifies the defendants as Yunhe Wang, Jingping Zhang, and Guo Chun. The legal action accuses the trio of operating a fraudulent enterprise that targeted millions of users with malicious text messages designed to steal sensitive personal and financial information.

The lawsuit is part of a multi-pronged effort by Google to combat the group’s infrastructure. In its filing, the company detailed the defendants’ methods for tricking users into divulging their login credentials and other private data.

The Mechanics of the Smishing Campaign

The operation utilized a network of thousands of fraudulent domain names to host counterfeit websites. Victims received text messages containing links that, when clicked, led to these phishing pages. The pages were designed to be exact replicas of legitimate login portals for services such as Google, Yahoo, and various financial institutions. Once a user entered their username and password, the data was immediately transmitted to servers under the defendants’ control.

According to evidence compiled by Google’s Threat Analysis Group (TAG), the campaign also deployed techniques to bypass two-factor authentication. The group’s infrastructure was set up to harvest one-time passwords and session cookies, granting them unauthorized access to user accounts. The operation was global in scale, with messages sent to individuals in the United States, United Kingdom, and Canada.

Google’s Legal and Technical Response

Google’s lawsuit seeks a court order to disable the domains associated with the phishing operation and prevent the defendants from registering new ones. The legal action alleges violations of the Computer Fraud and Abuse Act (CFAA) and the Racketeer Influenced and Corrupt Organizations (RICO) Act. The complaint provides technical evidence linking the defendants to the creation of the phishing kits and the management of the criminal infrastructure.

In parallel with the legal proceedings, Google’s technical teams have updated security protocols to better detect and block messages and websites linked to this campaign. The company has also shared its findings with domain registrars and other technology firms to assist in a broader takedown of the group’s operational assets. The lawsuit represents a direct legal and technical challenge to the individuals behind the smishing network.

Source: https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/