Toronto Police arrested three men and laid 44 charges over an alleged SMS blaster operation in the Greater Toronto Area that used rogue cellular base stations mounted in vehicles to impersonate legitimate towers and push phishing texts to nearby phones. Investigators said the campaign, dubbed Project Lighthouse, began drawing scrutiny after suspicious activity was reported in downtown Toronto in November 2025, with searches in Markham and Hamilton later leading to the seizure of multiple custom-built blasters and other electronic devices; two suspects were arrested during the searches and a third later surrendered.
Authorities said the devices forced tens of thousands of phones to connect automatically, enabling spoofed messages that appeared to come from banks, government agencies, and other trusted organizations and directing victims to fraudulent sites designed to steal credentials, passwords, and banking information. Police estimate the scheme caused roughly 13 million network disruptions or instances of mobile network entrapment, temporarily knocking affected devices off legitimate service and potentially blocking access to 911, and described the case as the first known detection of this type of threat in Canada while warning that conventional smishing remains an ongoing risk.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
Canadian authorities publicly disclosed that three men had been arrested and charged in what police described as Canada's first known SMS blaster case. Officials said the immediate threat from the seized devices had ended and warned the public about ongoing smishing risks through conventional channels.
A third suspect turned himself in to authorities after the March raids. Police said the surrender occurred on April 21.
On March 31, investigators executed searches in Markham and Hamilton, seizing multiple SMS blaster devices and other electronic equipment. Two suspects were arrested during the operation.
Over several months, operators allegedly drove vehicles equipped with rogue cellular base stations through the Greater Toronto Area, sending phishing texts that impersonated trusted organizations. Police said the operation affected tens of thousands of devices and caused roughly 13 million network disruptions, at times interfering with legitimate service and possible access to 911.
Toronto Police began investigating suspected SMS blaster activity in downtown Toronto after reports from a cybersecurity partner and other suspicious-activity alerts. Authorities later named the probe Project Lighthouse.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourcehelpnetsecurity.com
Open sourcebleepingcomputer.com
Open sourcetomshardware.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.