In a concerning development, cybersecurity firm Sophos has reported that CryptoRom fraudsters are adopting new tactics, including incorporating an AI chat tool similar to ChatGPT, to deceive unsuspecting users into scams.
These scammers have managed to introduce seven new fake cryptocurrency investment apps into both the official Apple App and Google Play stores, raising the risk for potential victims.
Sophos researchers first discovered the use of the AI chat tool when a victim reached out to them. The victim had been initially contacted on the language-sharing app Tandem, which is also used for dating. Subsequently, the scammer convinced the victim to continue their conversation on WhatsApp. However, the victim grew suspicious after receiving a lengthy message that seemed to be partially composed by an AI chat tool using a large language model (LLM).
Sean Gallagher, Principal Threat Researcher at Sophos, commented on the situation: “Since OpenAI announced the release of ChatGPT, there has been broad speculation that cybercriminals may use the program for their own malicious activities. We can now say that, at least in the case of pig butchering scams, this is, in fact, happening.”
Furthermore, Sophos researchers uncovered a new tactic employed by scammers to extract additional money from their victims. Typically, when victims of CryptoRom scams attempt to withdraw their supposed “profits,” fraudsters demand a 20 per cent tax on the funds before completing the withdrawal. However, one recent victim revealed that after paying the “tax,” the scammers claimed the funds had been “hacked,” requesting another 20 per cent deposit before the funds could be released.
Upon further investigation, the experts identified seven fake cryptocurrency investment apps available on official Google Play and Apple App stores. These deceptive apps lure users with seemingly benign descriptions such as BerryX, which claims to be related to reading. Once users open the apps, they are confronted with a fake crypto-trading interface, trapping them into the fraudulent scheme.
The situation highlights the need for continued vigilance and caution among cryptocurrency investors. Users are urged to thoroughly research any investment apps before downloading and to remain wary of suspicious messages from unknown sources. It also emphasizes the importance of ongoing efforts by security firms and tech companies to stay ahead of cybercriminals’ evolving tactics in safeguarding users from potential scams.