Sophos releases new report on pig butchering scams. According to the report, cybercriminals are now relying on AI support for romantic chats and inventing hacker attacks on crypto accounts in order to swindle even more money. In addition, seven new fake apps for crypto investments have been successfully smuggled into the official stores.
Sophos today released new findings on CryptoRom scams. This is a subset of so-called “pig butchering” (shā zhū pán) scams designed to trick dating app users into investing in fake cryptocurrency funds.
The newly released report “Sha Zhu Pan Scam Uses ChatGPT to Target iPhone and Android Users” details the new tactics. Since May, Sophos X-Ops has been watching scammers refine their techniques by adding an AI chat tool such as ChatGPT to their toolbox. Criminal intimidation tactics have also expanded: victims are told that their crypto accounts have been hacked and that more money is now needed. Additionally, Sophos X-Ops has discovered that scammers have placed seven new fake cryptocurrency investing apps on the official Apple App Store and Google Play Store, further increasing the number of potential victims.
In 2022, investment fraud caused the highest losses of any fraud reported by the public to the FBI’s Internet Crime Complaint Center (IC3), totaling $3.31 billion. Cryptocurrency-related scams, including so-called “pig butchering,” accounted for the majority of these scams, leading to a 183% increase from 2021 to $2.57 billion in reported losses last year.
Sophos X-Ops first learned about CryptoRom scammers using the AI chat tool, most likely ChatGPT, when a concerned victim contacted the team. After contacting the victim through the “Tandem” app – an app that connects language learners with native speakers and is also used as a dating app – the scammer convinced the victim to continue the conversation on WhatsApp. The victim became suspicious when they received a lengthy message, apparently written in part by an AI chat tool using a Large Language Model (LLM).
ChatGPT for romantic chat in foreign languages
“Ever since OpenAI announced the release of ChatGPT, there has been widespread speculation that cyber criminals might use the program for their own malicious activities. We can now say that, at least in the case of ‘pig butchering’ scams, this is indeed happening. One of the main challenges faced by CryptoRom scammers is to have compelling and sustained romantic conversations with their targets. These calls are mainly conducted by ‘keyboard players’ who are primarily based in Asia and have a language barrier. Using a tool like ChatGPT can be a more efficient and effective way to keep those conversations going, making the scams less labor intensive and more authentic. It also allows the ‘keyboard players’
Invented hacks on crypto accounts
Sophos X-Ops has also discovered a new scam tactic used by scammers to extort additional money. Traditionally, when victims of CryptoRom scams attempt to claim their “winnings,” the scammers inform them that they must pay 20% tax on their funds before withdrawals can be made. However, a victim recently revealed that after paying the “taxes” to withdraw the money, the scammers now claimed that the funds had been “hacked” and that a further deposit of 20% of the sum was required for a withdrawal.
Using the same technique as at the beginning of the year: seven new fake apps in the official stores
Upon further investigation, Sophos X-Ops discovered seven fake cryptocurrency investing apps on the official Google Play Store and Apple App Store. These apps have seemingly innocuous descriptions in the app stores (for example, BerryX claims it has something to do with reading). However, once the users open the app, they are faced with a fake crypto trading interface.
To bypass the review process in the Apple App Store, the app developers use the same technique that Sophos first reported on in February 2023. They submit the app for approval using legitimate, everyday web content. Once the app is approved and published, they modify the server hosting the app with deceptive interface code.
Many of these seven new apps use identical templates and descriptions, suggesting that the same one or two scam rings developed them.
Appeal to users: be suspicious
“Before the CryptoRom scammers were able to get their apps onto the Apple Store, they had to use a cumbersome technical solution to target iOS users, which could alert their victims. Now it is much easier for them to target iPhone users which expands their victim group. These apps are also easy to recycle and reuse. In fact, the BerryX app appears to be related to the fake apps we detected and blocked earlier this year. While we’ve notified Google and Apple of these latest apps, it’s likely more will emerge. These scammers are ruthless. Today they claim to the victims that their accounts were hacked to extort more money, but in the future they are likely to develop new methods of blackmail. The best defense against pig butchering is awareness of these scam campaigns. We encourage users who are suspicious or who believe they have been victimized to contact us,” Gallagher said.