Technology giant Google has filed a civil lawsuit in the United States against a large-scale text message phishing operation, accusing a Chinese-speaking cybercriminal group known as “Darcula” of running one of the most extensive scam campaigns targeting American consumers in recent years.
According to the complaint filed in a California court, Google alleges that Darcula created and distributed specialised phishing software that enabled even low-skilled scammers to launch mass-scale fraud operations. The network allegedly sent millions of fraudulent text messages impersonating trusted government agencies and well-known public services, including the Internal Revenue Service (IRS) and the United States Postal Service (USPS), to steal financial and personal data from unsuspecting users.
Lawsuit Seeks to Dismantle Scam Infrastructure
Google said the primary objective of the lawsuit is to secure court orders allowing it to seize, block and dismantle the digital infrastructure used by the network, including phishing websites, domains and backend systems.
The company stated that criminal networks operating across borders often evade traditional law enforcement, making civil litigation a critical tool to disrupt ongoing cybercrime. The lawsuit identifies Yucheng Chang as a key alleged operator of the Darcula group and claims he resides in China. It also names 24 additional defendants whose identities remain unknown.
According to Google, most of the network’s operators function from outside the United States, significantly complicating criminal prosecution.
‘Magic Cat’ Software Enabled Scams at Scale
Central to the alleged fraud is a phishing toolkit known as “Magic Cat.” Google claims the software was designed to be easy to use, allowing scammers with minimal technical skills to create and distribute phishing messages on a massive scale.
Victims who clicked on malicious links were redirected to fake websites closely mimicking legitimate platforms such as IRS portals, USPS tracking pages, toll payment services like E-ZPass, YouTube Premium subscription pages and parcel delivery sites. Once users entered their credit card or banking details, the information was harvested by the scammers.
Nearly 80% of Phishing Texts Linked to Network
Cassandra Knight, Google’s Vice President of Litigation, said internal analysis suggested that Darcula’s infrastructure was responsible for nearly 80 per cent of phishing text messages detected during a specific monitoring period earlier this year.
Google claims the network has stolen close to 900,000 credit card numbers globally, including approximately 40,000 belonging to U.S. residents. Between September and November alone, more than 5,000 complaints related to Darcula-linked scam texts were received from users of Google Messages.
International Probe Highlights Global Reach
The scale of the operation was further highlighted by an investigation conducted by Norway’s public broadcaster NRK, based on data shared by cybersecurity researchers. The investigation found that more than 600 individual scam operators were using the Magic Cat platform to impersonate Western companies and government agencies.
Researchers noted that the software was deliberately configured to prevent impersonation of Chinese institutions—an indicator, experts say, of the geographic and political environment in which such networks operate.
Cybercrime Losses at Record High
The lawsuit comes amid a sharp surge in cyber-enabled fraud. According to the FBI’s Internet Crime Complaint Center (IC3), Americans lost an estimated $16.6 billion to online scams in 2024—the highest annual figure on record.
Security experts warn that phishing via text messages has become one of the fastest-growing cyber threats, exploiting public trust in routine notifications from government bodies and service providers.
Google said the legal action is intended not only to disrupt the Darcula network but also to send a strong signal that technology companies are prepared to aggressively pursue civil remedies to protect users and uphold the integrity of digital communications.
