Overview
- Google filed a civil complaint in the Southern District of New York alleging a racketeering enterprise and asserting RICO, Lanham Act and CFAA claims, seeking a temporary restraining order and permanent injunctions against the Lighthouse operation.
- The company estimates more than 1 million victims across over 120 countries and between roughly 12.7 million and 115 million compromised U.S. payment cards tied to Lighthouse‑enabled campaigns.
- Lighthouse is described as a phishing‑as‑a‑service kit sold via Telegram subscriptions with hundreds of brand‑spoofing templates, real‑time keystroke capture, multi‑factor code interception and rapid domain rotation, with research citing 200,000 fake sites generated in 20 days.
- Google alleges the network is largely China‑based and organized into developers, data brokers, spammers, theft groups and administrators, with at least one Telegram channel hosting about 2,500 participants.
- Beyond the lawsuit, Google is backing the GUARD Act, the Foreign Robocall Elimination Act and the SCAM Act, and is rolling out AI scam detection in Messages, link protections and expanded account recovery options such as Recovery Contacts.