Crypto Scammers Fishing Victims on Android, iOS Via ChatGPT, Other AI Tools: Sophos

CryptoRom, a sub-category of pig butchering scams, is slyly sneaking up on Android and iOS users to dupe them off their crypto assets. The finding has been published by the Sophos cyber security firm on Monday. Its report has noted that crypto scammers are increasingly leveraging the power of Artificial Intelligence (AI) tools like ChatGPT to breach the security protocols offered by Google and Apple, targeting members of the crypto community.

In pig-butchering scams, scammers talk to potential victims, develop a trusted bond, and later convince them to invest in cryptocurrency. Once their victims’ digital wallets ‘fatten’, these scammers hack into the wallets and steal the funds.

In CryptoRom scams, as the name suggests, malicious actors initiate and weave a romantic relationship with their victims before attacking their savings.

“Sophos’ threat intelligence unit, X-Ops, first learned of CryptoRom scammers using the AI chat tool—most likely ChatGPT— when a conned victim reached out to the team. After contacting the victim on Tandem, a language sharing app that has also been used as a dating app, the scammer convinced the victim to move their conversation to WhatsApp. The victim became suspicious after he received a lengthy message that was clearly partly written by an AI chat tool using a large language model (LLM),” the report said.

Scammers are adapting to more sophisticated means to accomplish their notorious tasks.

Instead of hacking into their victims’ wallets, CryptoRom hackers are onboarding their victims onto fake apps that look like legitimate crypto-related apps. AI tools like ChatGPT are being used to keep the conversations flowing.

A total of seven malicious apps have been identified by Sophos that were available on Apple’s App Store and Google Play Store

“These apps are also easy to recycle and reuse. While we’ve alerted Google and Apple to these latest apps, it’s likely more will pop up. Today, they’re telling victims their accounts have been hacked to extort more money, but in the future, they’re likely to think of new methods of initial and double extortion,” said Sean Gallagher, Principal Threat Researcher, Sophos.

In 2022, US’ FBI’s Internet Crimes Complaint Center (IC3) said frauds involving cryptocurrency increased 183 percent from 2021 to amount worth $2.57 billion (roughly Rs. 21,270 crore) as of last year.

Amid these staggering numbers, this is not the first time that reports about crypto scammers who misuse AI have emerged.

Back in May, Binance Chief Security Officer Jimmy Su said scammers are tapping into AI deepfakes in order to breach the security of crypto exchanges and Web3-related firms.

If scammers succeed in creating deepfakes of crypto investors, it increases their chances of bypassing the security of crypto platforms and stealing user funds.

A recent report from blockchain research firm CertiK estimates that a whopping $103 million (roughly Rs. 840 crore) was stolen in crypto exploits this year in April. Exit scams and flash loans emerged as the largest source of stolen funds in crypto crimes. In the last four months of 2023, CertiK estimates $429.7 million (roughly Rs. 3,510 crore) were stolen by crypto scammers and hackers.