Google has filed a civil lawsuit in the United States against a group of alleged Chinese cybercriminals linked to the Darcula phishing network, accusing the organisation of operating a fraud scheme that sent millions of scam text messages to mobile phone users in the United States this year. This legal action is the second of its kind by the company in a month, following a similar complaint against another group known as Lighthouse.
The complaint, filed in federal civil court in Manhattan, alleges that Darcula functions as a phishing-as-a-service platform that sells software enabling users with limited technical skill to send phishing text messages at scale. The software offered by the network, referred to as “Magic Cat,” allows buyers to impersonate organisations such as the Internal Revenue Service or the US Postal Service and send large volumes of phishing texts that include links to counterfeit websites.
According to the complaint, recipients of these texts were enticed to click links to fraudulent sites where they were prompted to enter personal and financial information. Once victims provided credit card details, the complaint asserts that the same criminals who purchased the Magic Cat tool frequently targeted these individuals and used or sold the stolen information.
The identities of most individuals named in the lawsuit remain unknown. The filing identifies one defendant by name, Yucheng Chang, whom Google alleges is the leader of the criminal enterprise. Twenty-four other defendants named in the suit are unnamed in the publicly available complaint. The filing seeks authority to take control of websites used in the phishing campaign to disrupt the infrastructure supporting the illegal activity.
Google’s litigation documents state that the latest version of the Darcula software includes artificial intelligence tools designed to generate convincing fake versions of legitimate websites within minutes. These capabilities reportedly expand the reach and effectiveness of phishing campaigns by simplifying the creation of deceptive pages that mimic trusted services.
The company estimates that the Darcula network and its associates have stolen nearly 900,000 credit card numbers, including almost 40,000 from individuals in the United States. Google said it received more than 5,000 complaints about scam text messages from September through November.
Legal experts and cybersecurity observers have noted that taking down the infrastructure for such schemes is challenging because the network’s operations span multiple jurisdictions, often in regions that do not routinely cooperate with United States law enforcement. Google’s legal action aims to obtain court orders that would allow the company to seize control of domain names and other assets used to host or distribute the phishing content.
The Darcula platform is understood to be part of a broader set of phishing networks that use Rich Communication Services and other messaging protocols to evade detection and reach users with high volumes of scam messages. These networks leverage hundreds of counterfeit domain names to impersonate legitimate brands and organisations. Analysis by external sources indicates that similar platforms have been used to target users in more than 100 countries and that the underlying infrastructure has been connected to substantial data theft and fraud over extended periods.
The lawsuit highlights ongoing concerns by technology companies and cybersecurity professionals about the proliferation of phishing-as-a-service models that lower technical barriers for criminals and expand the scale of fraudulent campaigns. Legal actions such as Google’s aim to disrupt these operations and to give private sector entities tools to act against malicious infrastructure when traditional law enforcement cooperation is limited.
Darcula’s activities and the broader phishing ecosystem remain under scrutiny by analysts and regulators. Efforts to dismantle such networks involve not only litigation but also cooperation with internet service providers, domain registrars, and international law enforcement to mitigate harm to consumers and organisations worldwide.