Threat Actors Using ChatGPT Lure to Target iPhone and Android Users

The “CryptoRom” scam uses ChatGPT to trick victims into downloading fake crypto-trading mobile applications. Android and iPhone users have reported increased instances of similar fraud utilizing apps from official app stores.

Within the app where they first establish contact with the target, the scammer(s) engage in an initial dialogue. 

Once on a private chat platform like WhatsApp, Telegram, or LINE, they promote the concept of exchanging cryptocurrency. They promise to “teach” the victim how to use a (fraudulent) cryptocurrency trading program and lead them through the installation and transfer of cash, ultimately siphoning off as much of the victim’s money as they can.

As a final squeeze before leaving them, they frequently inform the victim that they must pay a “tax” before accessing their fictitious money.

According to Sophos researchers, the organizations behind these frauds employ teams of “keyboarders” to conduct the majority of their contacts with targets. These “keyboarders” are low-level criminals who are occasionally forced to play their parts. 

These operations frequently struggle because keyboarders must converse with targets in a non-native language while projecting a convincing identity as a romantic interest.

According to the reports, a WhatsApp messaging thread with fraudsters revealed the usage of ChatGPT, Google Bard, or a similar service to produce text for the conversation. These technologies are based on generative artificial intelligence, which uses large language models (LLMs) to produce text content in response to a human request.

“Use of a generative AI tool could not only make the conversations more convincing but also reduce the workload on scammers interacting with multiple victims,” researchers said.

“In this case, when the user saw the artifact of AI usage, he grew suspicious and subsequently contacted us to report the CryptoRom application to which the scammers had directed him.”

iOS/Android Users are Targeted

Reports of these frauds involve apps from legitimate app stores for both iPhone and Android users.

In one recent instance, users were directed over a WhatsApp conversation to a URL from which to install an app. The site then links to the App Store and Google Play, though the image on the website implies it is mainly geared toward iPhone users.

Figure 3: A CryptoRom app distribution website linking to both Apple’s App Store and Google Play.

When the applications open, they connect to a remote URL, which opens a CryptoRom fake cryptocurrency trading interface, asking users to invest. 

Figure 6: Side-by-side views of the user interfaces of nearly identical CryptoRom fake apps
Investment interfaces of BerryX and Bone Global Apps

If you have been a victim of one of these scams, report it to local authorities that are versed in fraud. The US Secret Service and the Federal Bureau of Investigation both investigate crypto fraud cases.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.