CryptoRom, a well-known scam that blends fake cryptocurrency trading and romance scams, has taken a new turn by incorporating generative artificial intelligence (AI) chat tools to entice and engage with victims.
According to a report by Sophos security researchers Jagadeesh Chandraiah and Sean Gallagher, the rise of “shā zhū pán” (pig butchering) scams has targeted mobile device users over the past couple of years.
The typical modus operandi of CryptoRom scams involves reaching out to potential victims through dating apps or social media platforms. Once the conversation transitions to private messaging apps like WhatsApp or Telegram, the scammers introduce the concept of trading cryptocurrencies and offer to assist the victims in installing and funding a fake crypto-trading app.
What sets this new development apart is the utilization of generative AI tools such as ChatGPT or Google Bard to aid scammers in crafting more believable conversations with their targets. This not only enhances the persuasiveness of the interactions but also lightens the workload for scammers handling multiple victims.
Furthermore, recent incidents have unveiled that scammers are not content with just the initial “tax” payment and are devising additional excuses to extort more money from their victims.
These fraudulent apps have managed to bypass scrutiny from both Apple’s and Google’s app store reviews by altering the app’s content post-approval. By adjusting a pointer in remote code, the benign app can seamlessly transition into a fraudulent one without raising suspicions.
Sean Gallagher highlighted, “Prior to being able to get their apps into the Apple Store, CryptoRom fraudsters had to use an awkward technical workaround to target iOS users, which could alert their victims that something was amiss. Now, it’s much easier for them to target iPhone users, expanding their victim pool.”
Individuals who suspect they have been ensnared by these scams are urged to report the incident to local authorities skilled in handling fraud cases. Victims should also reach out to their banks to explore the possibility of reversing any transactions and report the wallet addresses used in the fraud to the pertinent cryptocurrency exchange.
This cautionary tale serves as a reminder to exercise vigilance and due diligence when engaging in online interactions involving cryptocurrency trading and romantic encounters. Stay informed, stay safe.