Cybersecurity firm Sophos has released new findings on CryptoRom scams. Such campaigns are designed to trick users of dating apps into making fake cryptocurrency investments (also known as pig butchering). In their latest report, Sophos researchers found that CryptoRom scammers are refining their techniques. The scammers have added a new AI chat tool, like ChatGPT, to their toolset. They have also expanded their coercion tactics by telling victims that their crypto accounts were hacked and that more upfront money is needed.
As per the report, scammers were able to sneak seven new fake cryptocurrency investment apps into the official Apple App and Google Play stores. In 2022, investment fraud caused the highest losses of any scam reported by the public to the FBI’s Internet Crime Complaint Center (IC3), totalling US$3.31 billion in the US alone. Frauds involving cryptocurrency, including pig butchering, represented most of these scams, increasing 183% from 2021 to US$2.57 billion in reported losses last year.
New tools scammers are using
Sophos’s research team first learned of CryptoRom scammers using the AI chat tool (most likely ChatGPT) when a victim reached out to the team. After contacting the victim on Tandem, a language-sharing app that has also been used as a dating app, the scammer convinced the victim to move their conversation to WhatsApp. The victim became suspicious after he received a lengthy message that was partly written by an AI chat tool using a large language model (LLM).
The research team also uncovered a new scammer tactic designed to extort additional money. Traditionally, when victims of CryptoRom scams attempt to cash in on their “profits,” fraudsters will tell them they need to pay a 20% tax on their funds before completing any withdrawals. However, a recent victim revealed that after paying the “tax” to withdraw money, the fraudsters said the funds had been “hacked” and they would need another 20% deposit before receiving the funds.
To get past the Apple App Store review process, the app developers use the same technique Sophos first reported on in February 2023. They submit the app for approval using legitimate, run-of-the-mill web content. Then, once the app has been approved and published, they modify the server hosting the app with code for the fraudulent interface.
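One way a store reviewer or monitoring team could catch this post-approval swap, shown as an added example that is not from the Sophos report: keep the web content the app loaded at review time and compare its structure with what the same server serves later. The snapshots, paths, field names and host below are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed snapshots of the content one app endpoint serves (not real data).
REVIEW_SNAPSHOT = """<html><body><h1>Daily market news</h1>
<p>Headlines and charts.</p><script src="/static/app.js"></script></body></html>"""
LIVE_SNAPSHOT = """<html><body><h1>Trade now</h1>
<form action="/deposit"><input type="text" name="wallet_address">
<input type="number" name="amount"></form>
<script src="https://cdn.example.invalid/trade.js"></script></body></html>"""

class _Features(HTMLParser):
    """Collects what a page does (forms, inputs, script hosts), not its wording."""
    def __init__(self):
        super().__init__()
        self.features = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.features.add(("form", a.get("action") or ""))
        elif tag == "input":
            self.features.add(("input", a.get("type") or "text", a.get("name") or ""))
        elif tag in ("script", "iframe") and a.get("src"):
            host = urlparse(a["src"]).netloc or "(same-origin)"
            self.features.add((tag, host))

def fingerprint(html):
    parser = _Features()
    parser.feed(html)
    parser.close()
    return parser.features

def _digest(html):
    return hashlib.sha256(html.encode("utf-8")).hexdigest()

def drift(baseline_html, current_html):
    """Compare the review-time snapshot with what the server serves now."""
    base, cur = fingerprint(baseline_html), fingerprint(current_html)
    added = sorted(cur - base)
    return {
        "bytes_changed": _digest(baseline_html) != _digest(current_html),
        "added": added,
        "removed": sorted(base - cur),
        # New forms or inputs after approval mean new behaviour, not a copy edit.
        "needs_review": any(f[0] in ("form", "input") for f in added),
    }

if __name__ == "__main__":
    print(drift(REVIEW_SNAPSHOT, LIVE_SNAPSHOT))
```

A wording-only change trips `bytes_changed` but not `needs_review`, which keeps routine content updates from drowning out the structural changes that matter.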