Ultra-Realistic AI Face-Swapping Platform Becomes a New Driver of Romance Scams

Source: https://www.wired.com/story/the-ultra-realistic-ai-face-swapping-platform-driving-romance-scams/
Summary:
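A Chinese-language artificial intelligence app called Haotian (浩天) has recently drawn international attention. Relying on its highly realistic face-swapping technology, the app is sold by subscription on the messaging app Telegram and has made millions of dollars. Investigations found that the technology has been widely used by online fraud groups in Southeast Asia, including "pig butchering" operations, to commit crimes.
Haotian is run by a company registered in Phnom Penh, Cambodia. Its software allows fine adjustment of more than 50 facial parameters and can generate deepfake video calls in real time, with support for multiple platforms such as WeChat and WhatsApp. The company says it mainly serves entertainment live streamers and prohibits illegal use, but the marketing language on its Telegram channel and website repeatedly suggests it can help build an "elite persona that the client completely believes," and even directly uses fraud-related terms such as "精聊" (jingliao, which refers to social engineering scams).
The blockchain analytics firm Elliptic traced more than $3.9 million received in recent years by cryptocurrency wallets linked to Haotian, with nearly half of the funds flowing to a scam marketplace sanctioned by the United States. About $1.2 million moved between Haotian and Cambodia's Huione Guarantee, a platform that was shut down and sanctioned earlier this year for facilitating scams.
Cybersecurity researchers say Haotian is one of the first deepfake tools to become popular in Southeast Asia, with results that are "nearly perfect and getting better all the time." A report by the United Nations Office on Drugs and Crime shows that cybercrime groups in Southeast Asia have used at least 10 face-swapping tools to carry out crimes such as cryptocurrency scams and impersonation of public officials.
Although Haotian says it places limits on violations such as creating pornographic content and terminates accounts used for fraud, its public channels have advertised that it "can pass liveness checks through actions such as waving a hand or touching the face." After media inquiries, the company's main Telegram channel was abruptly shut down, and the company denied operating an official website.
Experts warn that deepfake technology is becoming an important link in the global cybercrime supply chain. Although individual purchases of the technology often run from a few hundred to a few thousand dollars, these tools lower the barrier to crime and, together with other underground services such as data trading and fake website construction, support a vast scam ecosystem. During video calls, members of the public can ask the other party to wave a hand in front of their face and watch for anomalies in the picture, but they still need to stay alert to the detection challenges that come with each iteration of the technology.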
English source:
The Chinese-language artificial intelligence app Haotian is so effective that it’s made millions of dollars selling its face-swapping technology on Telegram. The service integrates easily with messaging platforms like WhatsApp and WeChat and claims that users can tweak up to 50 settings—including the ability to adjust things like cheekbone size and eye position—to help mimic the face they are impersonating. But while Haotian is a robust and versatile platform, researchers and WIRED’s own analysis have found that the service has been marketing to so-called “pig butchering” scammers and those running online fraud operations in Southeast Asia.
Scammers have used Haotian and other deepfake tools to more easily substantiate their deceptions by allowing victims to “videochat” with the character they believe they have been talking to as part of an investment opportunity, friendship, or even romantic relationship. Analysis by the cryptocurrency tracing firm Elliptic of four cryptocurrency wallets linked to Haotian shows the company has received at least $3.9 million in payments in recent years, including money from cryptocurrency wallets linked to alleged criminal activity, including fraud. Additionally, almost half of its payments had ties to a scam marketplace sanctioned by the US government, Elliptic says.
Hieu Minh Ngo, a reformed criminal hacker turned cybercrime investigator at the Vietnamese scam-fighting nonprofit ChongLuaDao, says that Haotian, which emerged around 2021, was “one of the first of its kind and very popular.” Ngo has conducted extensive research into Haotian and its operations. “Its results are nearly perfect,” he says. “And they are getting better and better every day. If you check in the crypto wallet, you will see the money coming in every single day.”
Haotian is just one part of the wider tech ecosystem that has emerged around Southeast Asia’s booming cybercrime industry and forced labor scam compounds. And as face swapping and other video deepfake tools have become more widely available, they have increasingly been incorporated into scamming and other types of cybercrime around the world. In the last two years, officials working for the United Nations Office on Drugs and Crime have identified more than 10 face-swapping tools potentially being used by cybercriminals in Southeast Asia, including for cryptocurrency scams and police officer impersonation.
Haotian has a website for its face-swapping tool, but it primarily promotes its desktop app via a public Telegram channel, which launched in October 2023 according to Ngo’s research. Through this channel, which now has more than 20,000 subscribers, the company markets new versions of the app, gives development updates, and offers technical support. While marketing software through Telegram isn’t inherently nefarious, researchers say that Haotian’s customer base has increasingly skewed toward scammers who already seek out information about an array of gray market services on the messaging app.
Telegram declined to comment. However, after WIRED got in touch with the company, the main public Haotian Telegram channel and some associated accounts became inaccessible or appeared to have been deleted. Telegram did not return a request for comment on whether the company took these accounts down.
Haotian is a Cambodia-based company that says it is headquartered in Phnom Penh and advertises on-site installation services and support in the region. UN researchers highlighted this “same-day on-site installation” service with a screenshot in their 2024 report that shows Haotian's logo on a phone screen at a possible scam site.
The company’s marketing materials on both its website and Telegram frequently reference the tool’s utility for what could be potentially shady activity. One post on Telegram says the technology can help to create an “elite, authentic persona” that the “client completely believes.” (Scammers often refer to people that are being scammed as customers or clients). Another message highlighted by researchers said: “The chat lacks authenticity? No Trust? Use Haotian AI face-changing software to make a video call to solve all your troubles. After all, how could such a beautiful girl lie?”
Research published in March by the security firm Tehtris tracked various domain names that appear to have been linked to Haotian in recent years, including the current site “haotian.ai,” and past addresses “haotianai.com” and “haotianai.us.” Meanwhile, Ngo’s research found that Haotian’s website has openly referred to social engineering techniques. On both Telegram and its own website, Haotian’s discussion of social engineering frequently uses the phrase “精聊” or “jingliao” that literally means “deep chat” or “spiritual chat.” In practice, though, the phrase refers to social engineering and particularly connotes “pig butchering” scams.
When WIRED reached out to a Haotian Telegram account in English with questions about the service, it responded in Chinese saying it could not communicate in English and that it does not “accept” interviews. “Our target customers are entertainment streamers or live salers,” the Haotian account said in Chinese. “We only provide face-swapping software for live streaming and do not allow our products to be used for illegal activities.” In some of its materials, the company notes, according to translations by WIRED, that it places limitations on creating deepfake pornography.
Haotian told WIRED that it would terminate accounts if it found they were being used for fraud and said it is “not true” that it advertises to scam centers. The account speculated that if such marketing exists, it is “most likely” from accounts impersonating Haotian. When asked about language on haotian.ai that appears to market to scammers, the Haotian Telegram account said that the company does not have a website. After WIRED sent the account a screenshot of the current Haotian website and a link to an archived version, the Haotian Telegram account deleted the entire conversation.
There are a few ways to use Haotian’s desktop software. Gary Warner, director of intelligence at the cybersecurity firm DarkTower, says that the most seamless face swaps come from using the company’s pre-programmed faces or inputting a number of photos of a person so the company can build a face model of them. Examples in promotional videos include Elon Musk and Leonardo DiCaprio, but users could also provide materials so the system can generate their own face or someone else’s. The less source material Haotian has to work with, the less compelling the results will be. Regardless, users can tweak their face-swapped appearance using granular tools to hone various facial attributes. The video output, according to researchers and the company’s promotional videos, can be streamed to video calls on WhatsApp, Line, Telegram, Facebook, Viber, Zoom, WeChat, and other platforms.
Additionally, Haotian advertises voice impersonation features and an AI support chatbot in an associated Telegram channel. Posts in the company’s Telegram channel say its technology supports “cloning anyone’s voice for real-time calls or voice messages” and changing a voice from sounding male to sounding female or the reverse.
Security advocates and authorities around the world have increasingly warned about the threat of cybercriminals using face-swapping tools as part of scams. One concrete measure people can take to help detect potential fraud is to require that the person they are video chatting with waves their hands in front of their face to check for glitches or distortions that could indicate a deepfake. Haotian claims in posts, though, that it has added improvements so the system will work seamlessly if someone touches their face with their hands or waves their hands in front of their face while on video. Posts on Telegram also claim that the service supports blowing kisses, blinking, licking lips, or the subject turning or shaking their head.
While a version of its software can be downloaded from the Haotian website, the firm has primarily sold its software using subscriptions. A previous version of Haotian’s website said a “fully functional” version of its software could cost $4,980 per year, while cheaper packages were also available.
Days after Haotian launched its Telegram channel in October 2023, Ngo’s research says, the company also set up a Telegram account linked to Huione Guarantee, which is sometimes known as Haowang Guarantee. The online marketplace, linked to the Cambodian company Huione Group, provided a deposit and escrow service over Telegram, facilitating the sale of many of the tools needed for scamming, including the sale of victim data, deepfake services, electrified GPS-tracking shackles used in human trafficking, and more. In January, before Huione Guarantee was shut down and then sanctioned by the US government for helping facilitate scams, researchers estimated that the platform had facilitated more than $24 billion in gray market transactions.
Huione Guarantee was Haotian’s payment processor and escrow service as well. Evidence of the relationship has been visible for years in Telegram channels related to both companies where customers are completing payments. Chat logs reviewed by WIRED as well as findings from multiple researchers reinforce this link.
Tom Robinson, cofounder and chief scientist at the cryptocurrency tracing firm Elliptic, says cryptocurrency wallets used by Haotian have received 3,558 payments totalling $3.9 million in recent years. $1.2 million of that was between Haotian and Huione entities, with transactions between them ending on November 7. The service uses the stablecoin Tether, also known as USDT. There have been more than 3,007 payments in excess of $100, Robinson says, and the biggest incoming transaction to Haotian has been for $14,890, he says, with a “large number” of transactions around $500.
Some cryptocurrency wallets paying Haotian have been linked to potential criminal activity, according to Robinson’s research. “Proceeds of at least 52 known fraud instances had ended up at these wallets,” he says, adding that accounts linked to the fraud incidents were flagged by Elliptic’s partners. “That's exactly what you'd expect if this is a platform that’s used by fraudsters—that they'd be paying for it from the proceeds of fraud that they’ve committed.”
While Haotian regularly releases new features and improves the quality of its deepfakes, it is, of course, only one of many possible tools that scammers could use as part of their operations. The broader scam economy also relies on the trade of stolen data, fake social media accounts, and websites used to scam people, in addition to the vast array of digital tools that make up the fraud tech stack.
Andrew Fierman, the head of national security intelligence at cryptocurrency tracing firm Chainalysis, says that Haotian’s operations broadly seem similar to those of other companies that operated on the sanctioned Huione Guarantee platform—tech entities that often processed a few hundred thousand dollars or a few million. The amounts are small compared with the scale of the Southeast Asian scam economy overall, but Fierman says that these incremental transactions to tech sellers help prop up the illicit ecosystem overall.
“A few thousand dollars goes a long way,” he says. “We’re not talking about technology that’s costing a hundred thousand dollars to get a pig butchering scam up and running. A buyer is likely not only buying AI voice and facial recognition software, they're looking to get data and to build websites and do the other aspects of the scam tech ecosystem.”