Check Point researchers have detailed an investment fraud operation that uses AI-generated personas and a mobile app distributed through official app stores to construct what the company describes as a synthetic trading environment for victims.
The operation centres on a product branded OPCOPRO and what Check Point calls the "Truman Show Scam". The researchers said the approach differs from conventional financial scams because it relies on sustained social engineering and a controlled online setting rather than malicious code or standalone phishing pages.
Check Point said the Android version of the OPCOPRO app has been removed from its app store. The iOS version remained available at the time of the researchers' assessment.
Controlled funnel
Check Point said victims typically enter the scheme through unsolicited outreach via SMS, messaging apps, or online advertising. The initial contact often impersonates established financial institutions and promotes unusually high returns, according to the researchers.
The researchers said the operators then move targets into private WhatsApp or Telegram groups. These groups function as the main channel for persuasion. Check Point described them as spaces where the scammers can shape discussion and keep scepticism in check.
Synthetic community
Inside the chat groups, Check Point said victims encounter purported investment experts and fellow participants. The researchers described these personas as AI-generated and supported by staged activity.
Check Point said the groups feature fluent interactions in local languages and professional-sounding market commentary. The researchers also pointed to staged daily profits and claims of partnerships and compliance. They said the accounts use AI-generated profile images.
The researchers said the groups show "no dissent, no debate, and constant positive reinforcement". They argued that this structure creates social proof and emotional trust. They also said it produces an "echo-chamber" effect that keeps victims engaged.
App distribution
Once the operators establish credibility in the chat groups, Check Point said they direct victims to download an app branded OPCOPRO from official app stores. The researchers said the app itself does not carry out trading activity.
Check Point described the app as a WebView wrapper that displays content generated by a server. The researchers said it shows fake balances and trades. They said the design aims to make the experience look like a legitimate trading platform while keeping the core activity off the device.
KYC collection
Check Point said victims complete identity verification steps that resemble know-your-customer checks. The researchers said victims submit government identification documents and biometric photos.
The scheme then moves to funding. Check Point said victims deposit money via bank transfer or cryptocurrency. The researchers said this stage combines financial loss with the loss of high-value identity data.
Victim impact
Check Point said victims can lose deposited funds and copies of identity documents. The researchers also said victims may lose control of their digital identity and face ongoing targeting.
The company said the operation works because it replicates familiar markers of legitimacy. The researchers cited contracts, dashboards, analysts, community interaction, and documentation as elements that reinforce a single narrative.
AI at scale
Check Point said AI acts as a multiplier within the operation. The researchers said it supports multilingual conversations and consistent personas without large staffing requirements. They also said it allows automated emotional manipulation and rapid deployment across regions and brand names.
In their analysis, Check Point said current generative AI can still leave artefacts such as unnatural phrasing or repetitive templates. The researchers said those signals could become less reliable over time as models improve.
Enterprise exposure
Check Point said the scam targets individuals, but it can create risks for employers. The researchers said stolen identity documents and selfies can support SIM swaps and help desk account resets. They said those methods could weaken multi-factor authentication controls.
The researchers also pointed to coercion risks. They said victims under financial or emotional pressure can become exploitable, creating an insider-risk concern for organisations.
Check Point said mobile devices play a central role because the app can look benign and still drive risky behaviour. The researchers said apps distributed through official stores can appear trustworthy and may not trigger corporate controls focused on malware detection.
Defensive response
Check Point said traditional approaches that focus on detecting malicious code will miss this type of fraud. The researchers said defenders need to correlate app infrastructure, related domain networks, and social engineering patterns.
For individuals, Check Point advised treating unsolicited investment outreach as unsafe, verifying companies via official regulators rather than chat links, and avoiding the upload of identity documents to unknown platforms. The researchers also noted that cryptocurrency deposits are typically irreversible.
For enterprises, Check Point recommended heightened scrutiny of WebView-based financial apps and closer monitoring of domain ecosystems connected to app distribution. The researchers also suggested flagging funnels that move users from chat groups to app installs, then to identity verification and deposits.
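The funnel flagging suggested above can be sketched as an ordered-sequence check over per-user events. This is an added example, not code from Check Point or the article; the event names, the 30-day window and the sample events are assumptions made for illustration, and it presumes telemetry has already been normalised into these four hypothetical event types.

```python
from datetime import datetime, timedelta

# Funnel stages in the order the article describes; event names are hypothetical.
FUNNEL = ["chat_group_join", "app_install", "kyc_upload", "deposit"]
WINDOW = timedelta(days=30)  # assumed correlation window

# Constructed sample events: (user, ISO timestamp, event type). Not real telemetry.
EVENTS = [
    ("alice", "2025-01-02T09:00", "chat_group_join"),
    ("alice", "2025-01-03T10:00", "app_install"),
    ("alice", "2025-01-05T11:00", "kyc_upload"),
    ("alice", "2025-01-06T12:00", "deposit"),
    ("bob",   "2025-01-04T09:00", "app_install"),    # no chat-group lead-in
    ("bob",   "2025-01-10T09:00", "deposit"),
    ("carol", "2025-01-01T09:00", "chat_group_join"),
    ("carol", "2025-03-15T09:00", "app_install"),    # outside the window
    ("dave",  "2025-01-02T09:00", "kyc_upload"),     # out of order, ignored
    ("dave",  "2025-01-03T09:00", "chat_group_join"),
    ("dave",  "2025-01-04T09:00", "app_install"),
    ("erin",  "2025-01-07T09:00", "chat_group_join"),
    ("erin",  "2025-01-08T09:00", "app_install"),
    ("erin",  "2025-01-09T09:00", "kyc_upload"),     # caught before any deposit
]

def funnel_progress(events, window=WINDOW):
    """Map each user to the number of funnel stages completed in order within the window."""
    by_user = {}
    for user, ts, kind in events:
        if kind in FUNNEL:
            by_user.setdefault(user, []).append((datetime.fromisoformat(ts), kind))
    progress = {}
    for user, evs in by_user.items():
        evs.sort()
        best = 0
        for i, (start, kind) in enumerate(evs):
            if kind != FUNNEL[0]:
                continue  # a funnel only starts at the chat-group stage
            stage = 1
            for ts, k in evs[i + 1:]:
                if ts - start > window:
                    break
                if stage < len(FUNNEL) and k == FUNNEL[stage]:
                    stage += 1
            best = max(best, stage)
        progress[user] = best
    return progress

def flag_users(events, min_stages=3):
    """Users who reached at least min_stages of the funnel, sorted by name."""
    return sorted(u for u, n in funnel_progress(events).items() if n >= min_stages)
```

Setting `min_stages` to 3 flags a user at the identity-verification step, before any deposit is recorded.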
"This isn't just a phishing scam - it's a fully constructed digital reality, powered by AI, engineered to manipulate trust over time," said Nir Horovitz, Check Point Software Technologies.
"The lesson is clear: we are entering an era where trust itself can be automated - and so must our defenses," said Vachnish.