A LinkedIn Experience scam I uncovered?
The OPCOPRO investment scam utilizes AI-generated synthetic communities and official mobile apps to facilitate large-scale financial fraud
- Incident date: Oct 2025
- Target: OPCOPRO
The OPCOPRO campaign, identified in October 2025, represents a sophisticated investment scam that leverages AI-assisted social engineering to defraud victims. By creating synthetic trading communities, attackers cultivate trust over several weeks before soliciting funds or sensitive identity documents. The operation relies on the abuse of official mobile app stores to establish legitimacy, using apps as simple gateways to attacker-controlled infrastructure rather than traditional malware.
What happened
Attackers initiated the fraud through unsolicited SMS messages and social media outreach, impersonating prominent financial institutions to lure victims into WhatsApp and Telegram groups. Within these groups, the scam employed a combination of large language models and generative tools to maintain a continuous, convincing "show."
Researchers observed that the groups were populated by AI-generated personas and automated participants designed to simulate an active, institutional-grade trading environment. These "peers" asked staged questions, reported fabricated profits, and reinforced the authority of AI-generated "experts" to condition victims.
Once trust was established, victims were directed to mobile applications available on official platforms like the Apple App Store and Google Play. These apps functioned as WebView shells, displaying fake trading data, account balances, and investment performance generated entirely server-side. Because the apps contained no malicious code, they bypassed traditional security detections. The infrastructure allowed the operators to collect KYC-style documents for identity theft and direct deposits from victims. The modular nature of the operation, which relies on LLM-assisted scripts and reusable backend templates, enables the attackers to rapidly scale and redeploy the scam across different regions and languages.
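Because the apps described above carry no malicious code, signature scanning has nothing to match; what remains visible statically is the structure of a thin WebView wrapper. The following is an added triage sketch, not code from the researchers or the campaign: it assumes a manifest already decoded to text XML and decompiled sources, and the package name, URL, function names and the `max_classes` threshold are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded AndroidManifest.xml and one decompiled class.
# Package name and URL are placeholders, not indicators from the campaign.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tradingshell">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

SAMPLE_SOURCES = {
    "MainActivity.java": """
        WebView view = new WebView(this);
        view.getSettings().setJavaScriptEnabled(true);
        view.loadUrl("https://portal.example.invalid/app");
        setContentView(view);
    """,
}

REMOTE_LOAD = re.compile(r'loadUrl\(\s*"(https?://[^"]+)"')

def webview_shell_signals(manifest_xml, sources, max_classes=5):
    """Return the structural signals that together suggest a thin WebView wrapper."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    activities = list(root.iter("activity"))
    urls = [u for src in sources.values() for u in REMOTE_LOAD.findall(src)]
    return {
        "internet_permission": "android.permission.INTERNET" in perms,
        "single_activity": len(activities) == 1,
        "few_app_classes": len(sources) <= max_classes,  # assumed threshold
        "javascript_enabled": any("setJavaScriptEnabled(true)" in s for s in sources.values()),
        "remote_urls": urls,
    }

def is_probable_shell(signals):
    """True when every structural flag is set and a hard-coded remote URL exists."""
    flags = [v for k, v in signals.items() if k != "remote_urls"]
    return all(flags) and bool(signals["remote_urls"])

if __name__ == "__main__":
    s = webview_shell_signals(SAMPLE_MANIFEST, SAMPLE_SOURCES)
    print(s, is_probable_shell(s))
```

Many legitimate apps are also WebView wrappers, so a positive result is a cue to review the remote content and the publisher, not a verdict.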