Find notable cyber news and cases, enriched with sources, timelines, and signals.

Smishing Triad Lighthouse SMS phishing campaign targeting mobile users

Campaign
First reported
Last updated
Happening score
H score 33
2 unique sources, 2 articles

Summary

Hide ▲

The Smishing Triad is running a large-scale SMS phishing campaign through Lighthouse, using trusted-brand impersonation to reach millions of text messages and more than a million victims across 120 countries. The operation matters because it turns simple text lures into repeatable theft of payment card data and follow-on monetization through mobile wallets. The same infrastructure is also being used for fake e-commerce lures, broadening the scam’s reach and staying power.

Related Happenings

Paid brand-impersonation phishing kits Lucid and Lighthouse scale fake-domain operations

Threat Actor Meta
H score37 First: 01.07.2026 10:20 Last: 01.07.2026 10:20 Sources 1

About this happening: Brand-impersonation phishing has become a **paid service**, with kits like **Lucid** and **Lighthouse** scaling fake-domain operations across **316 brands** in **74 countries**, i...

Shop fake receipt callback phishing campaign

Campaign
H score29 First: 25.06.2026 22:45 Last: 25.06.2026 22:45 Sources 1

About this happening: Threat actors are **abusing Shop** by planting **fake purchase receipts** in order histories, turning a trusted shopping app into a **callback-phishing lure** that can expose **ac...

FIFA-themed phishing-as-a-service market selling scam kits and ticket-buying bots

Threat Actor Meta
H score42 First: 05.06.2026 10:01 Last: 05.06.2026 10:01 Sources 1

About this happening: A **FIFA-themed phishing-as-a-service market** is selling **ready-made scam kits** and **ticket-buying bots**, lowering the barrier for fraud operators and making takedowns less e...

Magecart Stripe and Google Tag Manager card-skimming campaign

Campaign
H score36 First: 04.06.2026 23:47 Last: 04.06.2026 23:47 Sources 1

About this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...

NGate Android Brazil fake-app and fake-lottery campaign

Campaign
H score37 First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **NGate** campaign has been active since **November 2025**, targeting primarily **Android devices in Brazil** and using **fake-app** and **fake-lottery** lures to spread a malic...

Timeline

  1. 14.11.2025 11:45 1 articles · 7mo ago

    Lighthouse campaign drove 32,094 USPS phishing sites

    Campaign Scope Update

    Google said Lighthouse, the phishing-as-a-service kit linked to the Smishing Triad, was used to launch 32,094 distinct US Postal Service (USPS) phishing websites from July 2023 through October 2024, and that at least 116 templates featured Google logos or branding while the operation targeted over one million people in over 121 countries.

    Show sources
  2. 13.11.2025 16:47 1 articles · 7mo ago

    Google files lawsuit against 25 John Doe defendants tied to Lighthouse

    Legal Policy Action Update

    Google filed a lawsuit in the Southern District of New York on November 12, 2025, seeking to unmask and disrupt 25 John Doe defendants allegedly linked to Lighthouse, a China-based phishing-as-a-service kit associated with the Smishing Triad. The filing says Lighthouse is used to spoof trusted brands through SMS lures, mass-create fake e-commerce websites, capture payment card data, and push victims into enrolling cards into Apple and Google mobile wallets, with more than a million victims harmed across 120 countries.

    Show sources