Not only are scammers becoming more articulate in their chats to snare crypto victims — they are casting their nets wider.

Since the release of ChatGPT 3.5, there have been fears of cybercriminals using the generative AI program to enhance the effectiveness of their crimes.

According to Sophos, we can now say that, at least in the case of “pig butchering” scams, this is, in fact, happening.

In 2022, investment fraud caused the highest losses of any scam reported by the public to the FBI’s Internet Crimes Complaint Center (IC3), totaling US$3.31bn in the US alone. Frauds involving cryptocurrency — including pig butchering — represented most of these scams, increasing 183% from 2021 to US$2.57bn in reported losses last year.

Since May this year, the firm has observed CryptoRom fraudsters (i.e., crypto-linked romance scammers) refining their techniques, including adding an AI chat tool such as ChatGPT, to their toolset. Previously, scammers encountered limitations in their language proficiency when carrying out convincing, sustained conversations of a romantic nature with targets. With ChatGPT being deployed to boost the quality and quantity of such conversations going, scammers can simultaneously engage with multiple victims at one time, with less labor and higher success rates.

ChatGPT emboldens pig butchers

The power of ChatGPT has also been exploited by scammer to extort additional money in their ‘pig butchering’. Traditionally, when victims of CryptoRom scams attempt to cash in on their ‘profits’, fraudsters will demand a 20% tax on these funds before allowing victims to complete any withdrawals.

However, after paying the “tax” to withdraw money, a recent victim had been told by the fraudsters that the funds had been “hacked” and a further 20% deposit must be paid before the funds could be released. 

Furthermore, to cast a wider net for victims, scammers have even managed to create malicious apps and slip them past the so-called ‘screening’ of official app stores such as Google Play.


Malicious apps bypass office app stores


Seven fake cryptocurrency investment apps have already been spotted in the official app stores for Android and iOS users. These apps have seemingly benign descriptions in the app stores. However, as soon as users launch them, they are met with a fake crypto-trading interface where pig butchering activities can then commence.

How did the cybercrooks get past the app review process? Apparently, they use the same technique first reported by Sophos in February 2023: submit the app for approval using legitimate, run-of the-mill web content, then upon app approval for public release, modify the server hosting the app with code for the fraudulent interface.

As many of seven new malicious apps sport the same templates and descriptions, Sophos researchers believe a common butchering ring is responsible.

CryptoRom Chat
Contents of an actual CryptoRom chat session

While we’ve alerted Google and Apple to these latest apps, it is likely more will pop up. These fraudsters are ruthless. Today, they’re extorting more money by telling victims (convincing lies), but in the future, they’re likely to think of new methods of initial extortion and even double extortion. The best defense against pig butchering is awareness of these campaigns.

– Sean Gallagher, Principal Threat Researcher, Sophos