Unmasking the Evolution of CryptoRom Scams: AI Chat Tools and Fake Apps Unveiled by Sophos

Sophos exposes evolving CryptoRom scams that use AI chat tools and fake apps, raising the sophistication and threat level of these pig butchering schemes. The scammers use AI to sustain conversations, manipulate victims by claiming that their crypto accounts have been hacked, and infiltrate official app stores with counterfeit crypto investment apps.

3 August 2023 – In a significant revelation, renowned cybersecurity company Sophos has unveiled fresh insights into the evolving landscape of CryptoRom scams, shedding light on the scammers’ adoption of advanced techniques and their growing menace. These scams, known as “pig butchering” (shā zhū pán) schemes, have taken on new dimensions, incorporating AI chat tools and deceptive mobile applications.

Since May, Sophos X-Ops, the threat research division of Sophos, has closely monitored how CryptoRom fraudsters are adapting, and has observed a notable shift in their approach. Its latest report, titled “Sha Zhu Pan Scam Uses AI Chat Tool to Target iPhone and Android Users”, delves into these developments. The scammers have now integrated AI chat tools, including tools akin to ChatGPT, into their repertoire. This helps them sustain engaging and prolonged conversations with victims on dating apps, a pivotal part of the manipulation process. AI chat tools make the operation less labor-intensive and let the scammers engage with multiple victims at the same time.

A screenshot showing how the scammer used large language model-based AI in chat responses.

Moreover, these fraudulent actors have expanded their tactics by exploiting victims’ fears of compromised cryptocurrency accounts. This new coercion method involves convincing victims that their accounts have been hacked, subsequently demanding further monetary contributions upfront. Additionally, Sophos X-Ops discovered that the scammers have managed to infiltrate official platforms, successfully introducing seven counterfeit cryptocurrency investment applications to the Apple App Store and Google Play Store. This maneuver significantly increases the risk to potential victims, as the apps appear benign but lead users to a fabricated crypto-trading interface.

Sophos X-Ops’ investigation reveals how these scammers get past the Apple App Store review process. Employing a technique disclosed by Sophos in February 2023, they initially submit the app using legitimate content. Once the app is approved and published, the scammers modify the server behind it so that the app presents the deceptive crypto-trading interface. Recurring templates and descriptions across several of these apps indicate potential coordination among a few pig butchering rings, underscoring the organized nature of these scams.

The emergence of AI chat tools in these scams poses a new challenge for cybersecurity experts, as they must now grapple with the fusion of technology and deception. Sean Gallagher, Principal Threat Researcher at Sophos, emphasized the significance of raising awareness about these evolving tactics to safeguard potential victims from falling prey to these schemes.

As the threat of investment fraud, particularly involving cryptocurrencies, continues to grow, vigilance remains the key to thwarting such scams. Cybersecurity professionals and the general public must remain informed and cautious to counter the ever-evolving landscape of online deception.

Author: Terry KS
