Sophos, a global leader in innovating and delivering cybersecurity as a service, has identified seven fake cryptocurrency investment apps in the official Google Play and Apple App stores.
According to the cybersecurity platform, these apps include AIGPA X G-M, BerryX, Bone Global, Momclub, Metaverse Ranch, and CMUS. All of these, despite different descriptions, have fake crypto trading interfaces loaded from remote websites.
Many of these apps claim in their store listings to be for other purposes. But when they are opened, they contact a remote URL that loads a CryptoRom fake crypto-trading interface prompting users to invest.
CryptoRom, a notorious scam that combines fake cryptocurrency trading and romance scams, has taken a new twist by utilising generative artificial intelligence (AI) chat tools to lure and interact with victims.
Sophos security researchers Jagadeesh Chandraiah and Sean Gallagher, in a recent report titled “Sha Zhu Pan Scam Uses AI Chat Tool to Target iPhone and Android Users,” analysed the growing trend of “shā zhū pán” (pig butchering) scams, which have been targeting mobile device users for the past two years.
CryptoRom scams typically begin by contacting potential targets through dating apps or social media platforms.
Once the conversation moves to private messaging apps like WhatsApp or Telegram, the scammers introduce the idea of trading cryptocurrencies and offer to guide the targets through installing and funding a fake crypto-trading app.
What makes this new development particularly concerning is the use of generative AI tools like ChatGPT or Google Bard to assist scammers in creating more convincing conversations with targets. This not only makes the interactions more persuasive but also reduces the workload for the scammers when dealing with multiple victims.
Moreover, recent cases revealed that scammers are not stopping at the initial “tax” payment but are coming up with additional excuses to extract even more money from victims.
The scammers have also slipped their fraudulent apps past both Apple’s and Google’s app store reviews by modifying the app’s content after approval. By changing a pointer in remote code, the benign app can be switched to a fraudulent one without further scrutiny.
“Prior to being able to get their apps into the Apple Store, CryptoRom fraudsters had to use an awkward technical workaround to target iOS users, which could alert their victims that something was amiss.”
“Now, it’s much easier for them to target iPhone users, expanding their victim pool,” Gallagher said.
The researcher advised individuals who believe they may have fallen victim to these scams to report the incident to local authorities experienced in dealing with fraud cases.
Victims are also advised to contact their banks to see if any transactions can be reversed and to report the wallet addresses used in the fraud to the relevant cryptocurrency exchange.