Cybersecurity company Sophos has revealed that CryptoRom scammers are refining their techniques by adding AI chat tools such as ChatGPT to their toolkit to defraud iPhone and Android users.
In its latest report, “Sha Zhu Pan Fraud Uses AI Chat Tool to Target iPhone and Android Users,” Sophos said that scammers have also expanded their coercive tactics by telling victims that their encrypted accounts have been hacked and more upfront funds are needed.
According to the report, since May Sophos X-Ops has found that fraudsters managed to get seven new fake cryptocurrency investment apps into the official Apple App Store and Google Play store, increasing the odds of reaching victims.
It noted that in 2022, investment fraud caused the largest losses of any fraud reported by the public to the FBI’s Internet Crime Complaint Center (IC3), totaling $3.31 billion in the United States alone.
Scams involving cryptocurrencies, including pig butchering, accounted for the majority of these losses, rising 183% from 2021 to $2.57 billion in reported losses last year.
OpenAI’s ChatGPT as a tool
Speaking on the company’s findings, Sean Gallagher, principal threat researcher at Sophos, said:
“Since OpenAI announced the release of ChatGPT, there has been widespread speculation that cybercriminals may be using the software for their malicious activities. We can now say, at least in the case of pig slaughter hoaxes, that this is, in fact, happening.
“One of the main challenges faced by scammers using CryptoRom scams is having persuasive, ongoing conversations of a romantic nature with targets; these conversations are mostly written by ‘keyboarders’, who are primarily based outside of Asia and have a language barrier.
“Using something like ChatGPT can be a more efficient and effective way to keep those conversations going, making scams less labor intensive and more realistic. It also enables keyboarders to interact with several victims simultaneously.”
He said Sophos X-Ops also uncovered a new scammer tactic designed to extort additional money.
“Traditionally, when victims of CryptoRom scams attempt to cash in on their ‘profits,’ fraudsters will tell them they need to pay a 20% tax on their funds before completing any withdrawals.
“However, a recent victim revealed that after paying the ‘tax’ to withdraw money, the fraudsters said the funds had been ‘hacked’ and they would need another 20% deposit before receiving the funds,” he said.
He added that upon further investigation, Sophos X-Ops found seven fake cryptocurrency investment apps in the official Google Play and Apple App stores.
These apps have seemingly benign descriptions in the app stores (BerryX, for example, claims to be reading-related). However, as soon as users open the app, they are met with a fake crypto-trading interface.
“Prior to being able to get their apps into the Apple Store, CryptoRom fraudsters had to use an awkward technical workaround to target iOS users, which could alert their victims that something was amiss. Now, it’s much easier for them to target iPhone users, expanding their victim pool.
“These apps are also easy to recycle and reuse. In fact, the BerryX app appears related to the fake apps we discovered and blocked earlier this year.
“While we’ve alerted Google and Apple to these latest apps, it’s likely more will pop up. These fraudsters are ruthless.
“Today, they’re telling victims their accounts have been hacked to extort more money, but in the future, they’re likely to think of new methods of initial and double extortion,” Gallagher said.
According to Sophos, the best defense against pig butchering is awareness of these campaigns.
The company, therefore, advised users who are suspicious or think they may have been a victim to reach out to their security solutions provider.