Fake Gemini Chatbot Used to Sell Phony “Google Coin” Cryptocurrency
Researchers reported an active cryptocurrency scam using a polished “Google Coin” presale website paired with a fake chatbot impersonating Google’s Gemini AI assistant. The site presents “Google Coin” as a legitimate Google-backed token (Google has no such cryptocurrency) and uses Gemini-like branding cues (e.g., sparkle icon and “Online” status) to build trust while guiding victims toward irreversible crypto payments to attacker-controlled wallets.
The impersonating chatbot is designed to function as an automated closer: it answers investment questions, provides specific (fabricated) return projections (e.g., presale price vs. expected listing price), and persistently steers users toward purchase. Analysis noted the bot maintained a consistent “official helper” persona while refusing verifiable company details (registered entity, regulator/license, audit firm, official email) and deflecting concerns with vague claims about “transparency” and “security,” mirroring high-pressure social engineering tactics previously requiring human operators.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Malwarebytes publishes analysis and wallet IOCs for the AI-enabled crypto scam
Malwarebytes Labs published details of the scam, describing how the chatbot delivered tailored return projections, deflected due-diligence questions, and sometimes escalated users to an unnamed 'manager.' The report also highlighted the operation as an example of AI-enabled social engineering at scale and shared scam wallet addresses as indicators of compromise.
Researchers identify fake 'Google Coin' site using a bogus Gemini chatbot
Security researchers reported a cryptocurrency presale scam centered on a fictitious token called 'Google Coin.' The site impersonated Google branding and used a counterfeit chatbot posing as Google's Gemini AI assistant to persuade visitors to buy the nonexistent coin with cryptocurrency payments.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Fake Gemini AI Chatbot Used in Crypto Scam
techrepublic.com
Open sourceScammers use fake “Gemini” AI chatbot to sell fake “Google Coin” | Malwarebytes
malwarebytes.com
Open sourceScam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
darkreading.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Scams and Malware Abusing Google Branding to Steal Cryptocurrency
Security researchers reported multiple campaigns abusing *Google* branding to drive crypto theft. Malwarebytes identified a polished fraudulent “presale” site promoting a fake token called **“Google Coin”** and embedding a chatbot that impersonates **Google Gemini**; the bot delivers a scripted investment pitch, cites specific token pricing and a “2026 roadmap,” and steers victims toward sending irreversible cryptocurrency payments while avoiding verifiable corporate, regulatory, or registration details. Separately, Kaspersky’s Securelist detailed **BeatBanker**, an Android malware campaign targeting Brazil that spreads via phishing to a website masquerading as the **Google Play Store** (e.g., `cupomgratisfood[.]shop`) and distributing trojanized APKs such as a fake “INSS Reembolso” app. The malware combines a **cryptominer** with a **banking Trojan** capable of device hijacking and screen overlays, including swapping destination addresses during **USDT** transactions in apps like *Binance* and *Trust Wallet*; newer samples reportedly replaced the banking module with **BTMOB RAT** while retaining the broader infection chain and persistence techniques (including looping near-inaudible audio to resist termination).
Mar 21, 2026
AI-Assisted Cryptocurrency Investment Scams Targeting Japan via Malvertising and Pig-Butchering Tactics
Threat actors are running cryptocurrency investment scams across Asia—**heavily targeting Japan**—that blend **malvertising** (paid ads on platforms such as Facebook and Instagram) with **pig butchering**-style long-con social engineering. Infoblox reported identifying large clusters of suspicious domains (including domains consistent with **registered domain generation algorithms (RDGAs)**) disproportionately queried by users in Japan; victims are funneled from fake ads impersonating financial experts or “AI-driven” trading systems to lure sites that push them into messaging apps (e.g., **LINE**, WhatsApp, KakaoTalk) via links or QR codes. Once in chats, victims are engaged by **AI bots** posing as experts/assistants, fed fabricated success stories, and nudged from small “test” deposits to larger transfers; when victims attempt withdrawals, scammers demand additional payments such as a **“release fee.”** Reported losses tied to this activity have reached **up to ¥10 million** per victim. A related pattern shows scammers using **AI chatbots as high-pressure sales agents** for fake crypto offerings: Malwarebytes documented a live “**Google Coin**” presale site using a chatbot impersonating Google’s **Gemini** branding to provide tailored investment projections and steer victims toward **irreversible cryptocurrency payments**; Google does not have a cryptocurrency. While this “Google Coin” case is a separate scam instance from the Japan-focused malvertising/pig-butchering operation, it reinforces the same operational shift highlighted by Infoblox: **automation and AI-driven conversational tooling** are increasingly replacing human operators to scale persuasion, maintain consistent scam personas, and accelerate victim conversion from initial interest to payment.
Mar 21, 2026
Google Sues Outsider Enterprise Over Gemini-Assisted Phishing and Smishing
Google filed a lawsuit in the U.S. District Court for the Southern District of New York against **Outsider Enterprise**, an alleged China-based cybercrime network accused of abusing **Gemini** and other AI tools to build phishing websites and support large-scale smishing campaigns targeting U.S. consumers. Google said the Telegram-based operation functioned as a phishing-as-a-service platform, offering more than 290 prebuilt templates and infrastructure used to impersonate brands and institutions including Google, YouTube, USPS, banks, DMVs, mobile carriers, and E-ZPass in order to steal credentials and payment information. According to Google, the campaign was tied to more than **9,000** fake websites, over **1 million** fraudulent URLs, and roughly **2.5 million** smishing messages sent to Android users during a two-week period in May, while users reported at least **55,000** related spam texts and losses reached millions of dollars across hundreds of thousands of victims. The company said it has disabled abusive accounts and infrastructure, is coordinating disruption efforts with the **FBI Cyber Division** and major U.S. carriers including **AT&T, T-Mobile, and Verizon**, and is pursuing claims under `RICO` and the `Lanham Act` as part of a broader effort to curb AI-enabled scam operations.
Jun 22, 2026