CryptoRom is a subcategory of hog-killing scams that are sneaking up on Android and iOS users to defraud them of their crypto assets. Sophos cybersecurity company announced the discovery on Monday. Its report states that cryptocurrency scammers are increasingly using the power of artificial intelligence (AI) tools such as ChatGPT to undermine security protocols provided by Google and Apple, targeting members of the cryptocurrency community.
In a hog-killing scam, the scammer talks to potential victims, builds a relationship of trust, and then convinces them to invest in cryptocurrencies. Once a victim’s digital wallet is “fat,” the crooks hack into the wallet and steal the funds.
In the CryptoRom scam, as the name suggests, malicious actors develop and weave a romantic relationship with victims before attacking their deposits.
“X-Ops, Sophos’s threat intelligence unit, first learned of the CryptoRom scammers’ use of an AI chat tool (likely ChatGPT) when a scammed victim contacted the team. After contacting the victim, the scammers persuaded the victim to transfer the conversation to WhatsApp. The victim became suspicious after receiving a long message that was apparently created in part by the artificial intelligence chat tool using a large language model (LLM).” report says.
Scammers are employing more sophisticated means to accomplish their notorious tasks.
Instead of hacking victims’ wallets, the CryptoRom hackers directed victims to bogus apps that appeared to be legitimate crypto-related apps. AI tools such as ChatGPT are used to keep the conversation flowing.
Sophos identified a total of 7 malicious apps that can be found on the Apple App Store and Google Play Store
“These apps are also easy to recycle and reuse. While we’ve alerted Google and Apple to these latest apps, there’s likely to be more to come. Today, they’re telling victims their accounts have been hacked.” hackers to extort more money, but in the future, they may consider new primary and double extortion methods,” said Sean Gallagher, principal threat researcher at Sophos.
The FBI’s Internet Crime Complaint Center (IC3) said that fraud cases involving cryptocurrencies will increase by 183% in 2022 compared to 2021, and were worth $2.57 billion (approximately Rs 21,270 crore) as of last year.
Amid these staggering numbers, this is not the first time there have been reports of cryptocurrency scammers abusing artificial intelligence.
Back in May, Binance chief security officer Jimmy Su said that scammers were using artificial intelligence deepfakes to compromise the security of cryptocurrency exchanges and Web3-related companies.
If scammers are successful in creating deepfakes of crypto investors, it increases their chances of bypassing crypto platform security and stealing user funds.
A recent report by blockchain research firm CertiK estimated that as much as $103 million (roughly Rs. 840 crore) was stolen in a cryptocurrency attack in April this year. Exit scams and flash loans emerged as the largest sources of stolen funds in cryptocurrency crime. CertiK estimates that in the last four months of 2023, cryptocurrency scammers and hackers stole $429.7 million (roughly Rs 3,510 crore).
Svlook