CryptoRom scams evolve to use AI chat tools to deceive victims, says cybersecurity firm Sophos.

August 3, 2023

CryptoRom scams evolve to use AI chat tools to deceive victims, says cybersecurity firm Sophos.

CryptoRom scams [1] [2] [4] [5] [6] [7] [8] [9], a global scam that combines fake cryptocurrency trading and romance scams [1], have evolved to include the use of generative AI chat tools like ChatGPT to lure and interact with victims, according to cybersecurity firm Sophos [6] [7].

Description

Scammers employ multi-tiered organizations and information technology teams to create convincing mobile and web apps that appear to be legitimate trading platforms [3]. They initially contact potential targets through dating apps or social media platforms and then transition to private messaging apps like WhatsApp or Telegram [1]. The scams typically start with an approach through dating apps or social media [3], where the scammers eventually introduce the idea of trading cryptocurrencies [3]. They guide the victims through the installation of a fraudulent trading app and the transfer of funds [3], ultimately siphoning off as much money as possible [3]. The scammers often demand a “tax” payment before the victims can access their imaginary profits [3]. In some cases, the scammers have used generative AI tools to generate more convincing and grammatically correct text in their conversations with victims [3]. They have also found ways to extract more money from victims [1], even after the initial payment [1], by claiming that the victims’ crypto accounts have been hacked and demanding additional upfront money. Another tactic involves asking victims to pay a “tax” on their funds before withdrawing [2], only to later claim that the funds have been hacked and require another deposit. Additionally, scammers have managed to bypass app store reviews by modifying the content of their fraudulent apps after approval, making it easier for them to target iPhone users [1] [2]. Sophos has uncovered seven fake cryptocurrency investment apps in official app stores that utilize a fake crypto-trading interface [2]. These apps can be easily recycled and reused [2], further facilitating fraud targeting iPhone users. Sophos urges users to remain vigilant and reach out if they suspect they have fallen victim to these scams. Victims are advised to report the incident to local authorities and contact their banks to explore the possibility of reversing any transactions [1]. It is also important to report the wallet addresses associated with the fraud to the relevant cryptocurrency exchange. Victims have faced challenges in explaining these scams to local law enforcement [3], as there is often a lack of education and expertise in cryptocurrency fraud [3]. The scammers have managed to sneak seven new fake cryptocurrency investment apps into the official Apple App and Google Play stores [4] [5] [6]. These apps have benign descriptions but present a fake crypto-trading interface [5]. The scammers have found a way to bypass the Apple App Store review process by modifying the server hosting the app after it has been approved [5]. Sophos has alerted Google and Apple to these apps [5] [6], but more are likely to appear [5]. The increasing losses caused by investment fraud [6], particularly in the cryptocurrency space [6], are highlighted in a report by Sophos. In 2022 [6] [7], investment fraud accounted for the highest reported losses [6], totaling $3.31 billion [6] [7], with cryptocurrency scams representing a significant portion of these losses [6]. Sophos warns users to be aware of these scams and encourages anyone who suspects they may have been a victim to reach out for assistance [7]. The CryptoRom scam is a recent scam that uses crypto to deceive people [9]. It takes advantage of loopholes in Apple’s Developer Enterprise Program to create apps that bypass App Store guidelines [9]. These malicious apps imitate popular crypto exchanges like Kraken [9]. The program has been misused for years [9], allowing scammers to abuse the privileges it offers [9]. They can create apps that breach users’ privacy and use illegal tactics [9]. The scam starts on dating apps and then moves to messaging platforms like WhatsApp [9]. The victim is asked to download a fake investing or trading app that resembles popular crypto trading apps [9]. The victim is directed to a website that looks like an application marketplace to download the app [9]. When the app is downloaded [9], the victim’s information is exposed [9]. The scammer then convinces the victim to make an investment and shows them a profit [9]. The victim is persuaded to invest more by sending money to a crypto wallet address [9]. When they try to withdraw their profits [9], their account is locked [9]. One crypto wallet address associated with the CryptoRom scam received over $1.39 million in transfers [9]. The cybersecurity company Sophos reported these findings to Apple but has not received a response [9].

Conclusion

The CryptoRom scams [1] [2] [4] [5] [6] [9], which combine fake cryptocurrency trading and romance scams [1], have become increasingly sophisticated and dangerous. Scammers are now using generative AI chat tools to deceive and interact with victims [1], making their tactics more convincing and difficult to detect. These scams involve the creation of fake trading apps that appear legitimate, targeting victims through dating apps and social media platforms [1]. Once victims are lured in, scammers manipulate them into installing fraudulent apps and transferring funds, ultimately stealing as much money as possible [3]. The scammers employ various tactics, such as demanding “tax” payments and claiming hacked accounts, to extract more money from victims [1] [4]. They have also found ways to bypass app store reviews [6], making it easier for them to target iPhone users [1] [2]. The impact of these scams is significant, with billions of dollars lost to investment fraud, including cryptocurrency scams [6]. It is crucial for users to remain vigilant and report any suspicious activity to authorities and financial institutions. Education and expertise in cryptocurrency fraud are essential for law enforcement [3] to effectively combat these scams. The discovery of new fake cryptocurrency investment apps highlights the ongoing challenges in preventing and detecting these scams. It is imperative for platforms like Apple and Google to strengthen their review processes and take swift action to remove fraudulent apps from their stores. The fight against CryptoRom scams requires a collaborative effort between cybersecurity firms, law enforcement, and technology companies to protect users and prevent further financial losses.

References

[1] https://www.infosecurity-magazine.com/news/cryptorom-targets-mobile-users-ai/
[2] https://finance.yahoo.com/news/cryptorom-scammers-add-ai-chat-103000241.html
[3] https://news.sophos.com/en-us/2023/08/02/sha-zhu-pan-scam-uses-ai-chat-to-target-iphone-and-android-users/
[4] https://www.globenewswire.com/news-release/2023/08/02/2716632/0/en/CryptoRom-Scammers-Add-AI-Chat-Tool-Like-ChatGPT-and-Fake-Hacks-on-Crypto-Accounts-to-Their-Toolset-Sophos-Finds.html
[5] https://www.sophos.com/ja-jp/press/press-releases/2023/08/cryptorom-scammers-add-ai-chat-tools-and-fake-hacks-on-crypto-accounts-to-their-toolset
[6] https://menafn.com/1106768573/Cryptorom-Scammers-Add-Ai-Chat-Tool-Like-Chatgpt-And-Fake-Hacks-On-Crypto-Accounts-To-Their-Toolset-Sophos-Finds
[7] https://www.investorsobserver.com/news/qm-pr/5438127480014119
[8] https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html
[9] https://marketrealist.com/p/cryptorom-scam-explained/