Outsider

The group deployed 9,000 fake websites, one million fraudulent web domains, and 2.5 million texts sent to Android users in a two-week period, according to Google.

The cybercriminals have allegedly used Google Drive and Google Cloud infrastructure to host the phishing websites.

This group “built, maintains, and uses a turn-key, online software suite that enables criminals, regardless of technical skill, to publish fraudulent websites designed to rob victims and enrich themselves,” according to the complaint.

Google says uses AI in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers.

Its associates are tasked with sending the malicious web link to potential victims via Apple iMessage, Google Messages and other modern messaging methods... Google's cybercrime investigation team said it found 2.6 million messages sent via Google Messages containing links to the phishing group's websites.

To lure people to the fake websites, the cybercriminals collaborate with one another to send victims malicious text messages, or purchase ads.

Outsider offers more than 290 pre-built templates that mimic the legitimate websites of financial services providers, phone service providers, government agencies and retailers.

To bypass multifactor authentication, these phishing sites display fake MFA pages that prompt users to get authentication codes. Attackers use the stolen credentials to log into the victim's account in real time, trigger an MFA code from the legitimate institution and then trick the user into providing that code to the fake site.

The service also offers more than 290 pre-built templates that impersonate legitimate websites of trusted institutions, real-time keystroke logging, and a performance dashboard to track the effectiveness of a campaign.

Attackers use the stolen credentials to log into the victim's account in real time, trigger an MFA code from the legitimate institution and then trick the user into providing that code to the fake site.

To bypass multifactor authentication, these phishing sites display fake MFA pages that prompt users to get authentication codes. Attackers use the stolen credentials to log into the victim's account in real time, trigger an MFA code from the legitimate institution and then trick the user into providing that code to the fake site.

The service also offers more than 290 pre-built templates that impersonate legitimate websites of trusted institutions, real-time keystroke logging, and a performance dashboard to track the effectiveness of a campaign.

Attackers use the stolen credentials to log into the victim's account in real time, trigger an MFA code from the legitimate institution and then trick the user into providing that code to the fake site.