CryptoRom Scammers Now Using AI Chat Tools, Fake Accounts to Hit Apple, Android Users

  • CryptoRom Scammers Also Snuck 7 New Fake Apps into the Apple and Google Play Stores

Sophos, a global leader in innovating and delivering cybersecurity as a service, today released new findings on CryptoRom scammers—a subset of pig butchering [shā zhū pán] schemes.

These kinds of schemes are designed to trick users of dating apps into making fake cryptocurrency investments.

In its latest report, “Sha Zhu Pan Scam Uses AI Chat Tool to Target iPhone and Android Users,” Sophos said that since May, Sophos X-Ops has observed CryptoRom fraudsters refining their techniques, including adding an AI chat tool, like ChatGPT, to their toolset.

Scammers also expanded their coercion tactics by telling victims their crypto accounts were hacked and more upfront money is needed.

Sophos X-Ops additionally discovered that scammers were able to sneak seven new fake cryptocurrency investment apps into the official Apple App Store and Google Play store, increasing the pool of potential victims.

In 2022, investment fraud caused the highest losses of any scam reported by the public to the US FBI’s Internet Crime Complaint Center [IC3], totaling US$3.31 billion in the US alone.

Frauds involving cryptocurrency, including pig butchering, represented most of these scams, increasing 183% from 2021 to US$2.57 billion in reported losses last year.

Sophos X-Ops first learned of CryptoRom scammers using the AI chat tool—most likely ChatGPT—when a conned victim reached out to the team.

After contacting the victim on Tandem, a language sharing app that has also been used as a dating app, the scammer convinced the victim to move their conversation to WhatsApp.

The victim became suspicious after he received a lengthy message that was clearly partly written by an AI chat tool using a large language model [LLM].

A screenshot showing how the scammer used large language model-based AI in chat responses.

“Since OpenAI announced the release of ChatGPT, there has been broad speculation that cybercriminals may use the program for their own malicious activities. We can now say that, at least in the case of pig butchering scams, this is, in fact, happening. One of the main challenges for fraudsters with CryptoRom scams is carrying out convincing, sustained conversations of a romantic nature with targets; these conversations are mostly written by ‘keyboarders,’ who are primarily based out of Asia and have a language barrier. Using something like ChatGPT can be a more efficient and effective way to keep these conversations going, making the scams less labor intensive and more authentic. It also enables keyboarders to simultaneously engage with multiple victims at one time,” said Sean Gallagher, principal threat researcher, Sophos.

Money Scams

Sophos X-Ops also uncovered a new scammer tactic designed to extort additional money. Traditionally, when victims of CryptoRom scams attempt to cash in on their “profits,” fraudsters will tell them they need to pay a 20% tax on their funds before completing any withdrawals.

However, a recent victim revealed that after paying the “tax” to withdraw money, the fraudsters said the funds had been “hacked” and they would need another 20% deposit before receiving the funds.

Upon further investigation, Sophos X-Ops found seven fake cryptocurrency investment apps in the official Google Play and Apple App stores.

These apps have seemingly benign descriptions in the app stores [BerryX, for example, claims to be reading-related]. However, as soon as users open the app, they are met with a fake crypto-trading interface.

To get past the Apple App Store review process, the app developers use the same technique Sophos first reported on in February 2023.

They submit the app for approval using legitimate, run-of-the-mill web content. Then, once the app has been approved and published, they modify the server hosting the app with code for the fraudulent interface.

Scams Expose Same Origin

Many of these seven new apps recycled the same templates and descriptions, suggesting the same one or two pig butchering rings are creating the scheme.

“Prior to being able to get their apps into the Apple Store, CryptoRom fraudsters had to use an awkward technical workaround to target iOS users, which could alert their victims that something was amiss. Now, it’s much easier for them to target iPhone users, expanding their victim pool. These apps are also easy to recycle and reuse. In fact, the BerryX app appears related to the fake apps we discovered and blocked earlier this year. While we’ve alerted Google and Apple to these latest apps, it’s likely more will pop up. These fraudsters are ruthless. Today, they’re telling victims their accounts have been hacked to extort more money, but in the future, they’re likely to think of new methods of initial and double extortion. The best defense against pig butchering is awareness of these campaigns. We encourage users who are suspicious or think they may have been a victim to reach out to us,” said Gallagher.

Learn more about the latest tactics used by CryptoRom scammers in “Sha Zhu Pan Scam Uses AI Chat Tool to Target iPhone and Android Users” on

Chief Editor

Jacktone Lawi
