TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources ENDPOINT SECURITY REMOTE WORKFORCE THREAT INTELLIGENCE VULNERABILITIES & THREATS NEWS Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto A convincing presale site for phony "Google Coin" features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers. Elizabeth Montalbano, Contributing Writer February 18, 2026 5 Min Read SOURCE: KHUNKORN STUDIO VIA SHUTTERSTOCK Leave it to cybercriminals to come up with yet another way to abuse artificial intelligence (AI) platforms, by creating Google Gemini chatbots slick as used car salesmen who pressure people into buying fake cryptocurrency to defraud them of money. Researchers from Malwarebytes Labs discovered a presale site for something called "Google Coin," a cryptocurrency that doesn't exist and is not being planned for release by the tech giant, it revealed in a blog post published Wednesday. While that in and of itself is a red flag, the site also features a custom chatbot that claims to be Google's Gemini AI assistant to walk people through the process of buying the fake crypto, ultimately sending their payments for the phony product through to attackers. Along the way, the fake Gemini chatbot provides an extremely professional sales pitch, never wavering from the objective of getting someone to buy Google Coin, much like a human salesperson would do in a live setting, Stefan Dasic, manager, research and response at Malwarebytes Labs, wrote in the post. "The bot … answered their questions about investment, projecting returns, and ultimately ended with victims sending an irreversible crypto payment to the scammers," he wrote. LOADING... Related:ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT The bot is paired with a highly convincing presale scam site that "mimics Google's visual identity with a clean, professional design, complete with the 'G' logo, navigation menus, and a presale dashboard," as well as numerous other features that make it look legit, Dasic wrote. Chatbots Replace Human Scammers The scam demonstrates an evolution in the use of AI by malicious actors that could ultimately change how these types of financially motiviated malicious campaigns, which in the past would have a human on the other end, are conducted. In fact, they can amplify them by an order of magnitude, Dasic said. "Scammers have always relied on social engineering" to build trust, create urgency, and overcome the skepticism of potential victims, he wrote. But having humans take the time to do this has always limited how many victims could be engaged at once. "AI chatbots remove that bottleneck entirely," Dasic wrote. That's because a single scam operation can now deploy a chatbot that engages hundreds of visitors simultaneously, 24 hours a day; delivers a consistent and polished messaging; and responds to individual questions with custom financial projections or other info that can help close the deal. Chatbots also can impersonate a trusted brand’s AI assistant, i.e., Google Gemini, and if need be, escalate the conversation to human operators to finalize the transaction. Any crypto site projecting specific returns, no matter how attractive they may seem, also is likely fake, Dasic said, because "no legitimate investment product promises a specific future price," he wrote. And as always, any sites that press people to make decisions with a sense of urgency — a hallmark of most online scams — likely are just trying to defraud people of money, he added. Related:Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again Highly Convincing Pair The campaign in particular delivers a strong one-two punch that makes it easy to fool even the most suspectible user, Dasic said. First there is the site itself, which not only mimics Google's branding, but also displays logos of major companies — including OpenAI, Google, Binance, Squarespace, Coinbase, and SpaceX — under a "Trusted By Industry" banner. Though none of these companies are connected to the malicious project, obviously, the branding lends credibility to the site. Moreover, if a victim gets as far as clicking to "buy" Google Coin, the wallet dashboard also looks like it might on a legit crypto platform, showing balances for Google Coin as well as Bitcoin, and Ethereum. The site also uses upsell tactics to try to get people to spend more, promising that if people buy more, their bonuses also will grow. However, what they're paying for doesn't exist, and their payment — which is irreversible — goes into the hands of attackers. Related:Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense Similarly attackers designed the accompanying chatbot to support people through the process of the sale with unwavering conviction, never breaking character no matter what questions the researchers posed, Dasic said. "What stood out during our analysis was how tightly controlled the bot's persona was," he wrote. It never broke character and consistently looped back to various claims about how stable and valuable Google Coin is, refusing "to acknowledge any scenario in which the project could be a scam," he wrote. AI-Powered Crypto Scams Becoming Norm, Not Exception The bad news for defenders is that these types of online crypto-themed scams are only going to become more common. In fact, research by Chainanalysis cited by Malwarebytes found that roughly 60% of all funds flowing into crypto scam wallets were tied to scammers using AI tools. This poses yet another risk to online safety, demanding that people hone skills to spot when scammers are behind an offer to buy crypto online. One way is to be suspicious of any AI chatbot on a third-party crypto site that impersonates a known AI brand, Dasic said. "A chatbot calling itself 'Gemini,' 'ChatGPT,' or 'Copilot' on a third-party crypto site is almost certainly not what it claims to be," he wrote. Another warning sign is if a chatbot refuses to answer any questions about the legal entity behind the plaform, or other specific, legitimate details about a crypto operation, as scam bots will try to avoid these questions. Any crypto site projecting specific returns, no matter how attractive they may seem, also is likely fake, Dasic said, because "no legitimate investment product promises a specific future price," he wrote. And as always, he added, any sites that press people to make decisions with a sense of urgency — a hallmark of most online scams — likely are just trying to defraud people of money. About the Author Elizabeth Montalbano, Contributing Writer Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models Healthcare Security: Protecting Patient Data and Clinical Operations More Webinars You May Also Like ENDPOINT SECURITY GitHub-Hosted Malware Infects 1M Windows Users by Elizabeth Montalbano, Contributing Writer MAR 10, 2025 ENDPOINT SECURITY DPRK Actors Deploy VS Code Tunnels for Remote Hacking by Elizabeth Montalbano, Contributing Writer JAN 22, 2026 ENDPOINT SECURITY Chrome Store Features Extension Poisoned With Sophisticated Spyware by Elizabeth Montalbano, Contributing Writer JUL 07, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Editor's Choice ENDPOINT SECURITY Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again byNate Nelson, Contributing Writer FEB 12, 2026 6 MIN READ CYBER RISK Those 'Summarize With AI' Buttons May Be Lying to You byJai Vijayan, Contributing Writer FEB 12, 2026 5 MIN READ CYBERATTACKS & DATA BREACHES Senegalese Data Breaches Expose Lack of Security Maturity byNate Nelson, Contributing Writer FEB 12, 2026 5 MIN READ Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST Healthcare Security: Protecting Patient Data and Clinical Operations THURS, APRIL 9,2026 AT 1PM EST More Webinars White Papers The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Assessing Security Architectures: Zero Trust vs. Network-Centric Models 5 Steps to Stop Ransomware With Zero Trust 10 Ways a Zero Trust Architecture Protects Against Ransomware Why Removing Admin Rights Is the Key to Better Cyber Insurance Rates eBook Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the larges