AI-Powered CryptoRom Scam Targets Mobile Users

Written by

CryptoRom, a notorious scam that combines fake cryptocurrency trading and romance scams, has taken a new twist by utilizing generative artificial intelligence (AI) chat tools to lure and interact with victims. 

Sophos security researchers Jagadeesh Chandraiah and Sean Gallagher shared the findings in a report published today, where they said they investigated the growing trend of “shā zhū pán” (pig butchering) scams, which have been targeting mobile device users for the past two years.

CryptoRom scams typically begin by contacting potential targets through dating apps or social media platforms. 

Once the conversation moves to private messaging apps like WhatsApp or Telegram, the scammers introduce the idea of trading cryptocurrencies and offer to guide the targets through installing and funding a fake crypto-trading app.

Read more on CryptoRom: Researchers Warn of Crypto Scam Apps on Apple App Store

What makes this new development particularly concerning is the use of generative AI tools like ChatGPT or Google Bard to assist scammers in creating more convincing conversations with targets. This not only makes the interactions more persuasive but also reduces the workload for the scammers when dealing with multiple victims.

Moreover, recent cases revealed that scammers are not stopping at the initial “tax” payment but are coming up with additional excuses to extract even more money from victims.

The scammers have also slipped their fraudulent apps past both Apple’s and Google’s app store reviews by modifying the app’s content after approval. By changing a pointer in remote code, the benign app can be switched to a fraudulent one without further scrutiny.

“Prior to being able to get their apps into the Apple Store, CryptoRom fraudsters had to use an awkward technical workaround to target iOS users, which could alert their victims that something was amiss,” Gallagher explained. 

“Now, it’s much easier for them to target iPhone users, expanding their victim pool.”

The researcher warned individuals who believe they may have fallen victim to these scams to report the incident to local authorities experienced in dealing with fraud cases

Victims are also advised to contact their banks to see if any transactions can be reversed and report the wallet addresses of the fraud to the relevant cryptocurrency exchange.

What’s hot on Infosecurity Magazine?