news Alerts
There are no new alerts at this time
Google is suing a Chinese-speaking cybercriminal group it says is responsible for a massive wave of scam text messages sent to Americans this year, according to a legal complaint filed Tuesday.
The group, known as Darcula, sells software that allows users to send phishing text messages en masse, impersonating organizations like the IRS or the U.S. Postal Service in scams.
The lawsuit is designed to give Google legal standing so U.S. courts will allow it to seize websites the group uses, hampering their operations, a spokesperson said.
Darcula is possibly the most prominent name in an emerging, loosely affiliated cybercrime world that creates and sells hacking programs for aspiring scammers to use. Darcula’s signature program, called Magic Cat, provides an easy-to-use, intuitive way for cybercriminals without advanced hacking skills to quickly spam millions of phone numbers with links to fake websites impersonating businesses like YouTube’s premium service, then steal the credit card numbers victims put in.
The complaint asks for a temporary restraining order against Darcula’s web infrastructure, which would allow Google to legally seize control of it and shut it down.
The identities of Darcula members, who operate largely in simplified Chinese, are largely unknown. The legal complaint names as a leader Yucheng Chang, who could not be reached for comment. It also accuses 24 other defendants who are unnamed and whose identities Google does not know.
Google says Chang resides in China, while other group members live in China or other foreign countries.
Cybercrime ecosystems that target Americans often flourish in foreign countries that do not routinely work with U.S. law enforcement, making it particularly difficult for the U.S. to stop them. That has led some tech giants, including Google and Microsoft, to periodically use the court system to take over websites affiliated with criminal hackers’ internet operations to try to shut them down.
In videos posted to its Telegram channel this year, viewed at the time by NBC News, Darcula highlighted that its program could be customized to send scores of texts to Americans’ phones telling them they owed unpaid E-ZPass tolls.
That Telegram channel is no longer operational, and the group could not be reached for comment.
“We are taking legal action to shut down the infrastructure of a massive scam operation that was responsible for 80% of all phishing texts,” Cassandra Knight, Google’s Vice President of Litigation at Google, said in an emailed statement, referring to the company’s estimate of texts sent in a period earlier this year.
“Our message to scammers is clear: We will use our technical and legal resources to protect our users and hold you accountable,” she said.
An investigation by Norwegian National Broadcasting (NRK), which sifted through significant records on Magic Cat acquired by cybersecurity researchers, found that there were more than 600 scam operators behind the messages.
While the Magic Cat software lets its criminal operators choose to appear to come from a wide range of Western companies and governments, it does not let users pretend to come from China, NRK found.
Google estimated that Darcula and associates have stolen nearly 900,000 credit card numbers, including nearly 40,000 from Americans, the complaint says. From September to November alone, Google received more than 5,000 complaints from people who use Google Messages, the default text message app on Google Pixel phones, about Darcula scam texts.
Americans are increasingly victimized by scammers. The FBI’s annual Internet Crime Complaint Center report found that last year, Americans reported a record $16.6 billion stolen by cybercriminals.
Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.
© 2025 NBCUniversal Media, LLC

source