Sophos, a leading cybersecurity-as-a-service provider, has recently released a comprehensive report, “Sha Zhu Pan Scam Uses AI Chat Tool to Target iPhone and Android Users”, shedding light on CryptoRom scams, a subset of pig butchering schemes aimed at deceiving users of dating apps into making fake cryptocurrency investments.
These fraudsters have now incorporated AI chat tools, such as ChatGPT, into their tactics, making their scams more convincing and less labor-intensive. Additionally, they have managed to sneak seven new fake cryptocurrency investment apps into the official Apple App Store and Google Play Store, posing an increased risk to potential victims.
Rising Investment Fraud Involving Cryptocurrency
In 2022, investment fraud involving cryptocurrency reached unprecedented levels, causing staggering losses of US$3.31 billion in the US alone and making it the highest scam reported by the public to the FBI’s Internet Crime Complaint Center (IC3). Of these fraudulent activities, pig butchering and other cryptocurrency-related scams represented a significant portion, with reported losses increasing by 183% from 2021 to US$2.57 billion last year.
The Emergence of AI Chat Tools in CryptoRom Scams
Sophos X-Ops researchers first became aware of CryptoRom scammers employing an AI chat tool, likely ChatGPT, when a victim reached out to them. The victim was initially contacted on the language-sharing app Tandem, which is sometimes used as a dating app. The scammer then convinced the victim to continue the conversation on WhatsApp, where the victim grew suspicious after receiving a lengthy message that appeared to have been written partly by an AI chat tool using a large language model.
“The main challenge for fraudsters with CryptoRom scams is carrying out sustained, convincing romantic conversations with targets, which are primarily written by ‘keyboarders.’ The addition of ChatGPT makes the scams more efficient and authentic, allowing scammers to engage with multiple victims simultaneously,” explained Sean Gallagher, principal threat researcher at Sophos.
New Scammer Tactics and Fake Crypto Apps
In addition to the AI chat tool, Sophos X-Ops uncovered a new scammer tactic aimed at extorting more money from victims. After victims of CryptoRom scams attempt to withdraw their “profits,” fraudsters demand a 20% tax on the funds. However, Sophos found a recent victim who was told that their funds had been hacked and was asked to make another 20% deposit before receiving the money.
Furthermore, Sophos identified seven fake cryptocurrency investment apps in the official Google Play Store and Apple App Store. These apps use seemingly benign descriptions to evade detection; BerryX, for example, claims to be reading-related. However, once users open these apps, they are met with a fake crypto-trading interface.
Defeating Apple’s App Store Review Process
The creators of these fraudulent apps have found a way to bypass Apple’s App Store review process. They initially submit the apps with legitimate content, then modify the server hosting the app with fraudulent code after approval and publication. The presence of similar templates and descriptions among these apps suggests that one or two pig butchering rings may be responsible for creating this scheme.
Conclusion
As CryptoRom scams continue to evolve, it is crucial for users to stay vigilant and aware of these deceptive campaigns. Sophos’ discoveries have shed light on the emergence of AI chat tools and fake crypto apps that target dating app users.
Awareness and reporting of suspicious activities are essential in protecting potential victims from falling prey to these ruthless fraudsters. By understanding the evolving tactics and staying informed, users can better safeguard themselves from CryptoRom scams and their detrimental effects.