
The Exploitation of India’s UPI by Cybercriminals for Money Laundering Operations

Cybercriminals in India are using an Android-based application called XHelper to orchestrate a large-scale money laundering scheme through a network of hired money mules.

CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel revealed that XHelper is a crucial tool for managing these money mules and facilitating the illegal operations.

The scam was initially uncovered in October 2023 when Chinese cybercriminals exploited the Indian Unified Payments Interface (UPI) service to carry out illegal transactions under the guise of offering instant loans, taking advantage of the lack of coverage under the Prevention of Money Laundering Act (PMLA).

The scheme involved the transfer of illicit funds to hired money mules who were recruited from Telegram and received commissions for their involvement in the fraudulent transactions.

XHelper enabled Chinese payment gateways to exploit UPI’s QR code feature, using compromised accounts to move illegal funds through fraudulent payment channels back to China.

The application also helped in managing the money mules efficiently, enabling them to track earnings and streamline the process of payouts and collection. Mules were required to register unique UPI IDs and configure banking credentials to participate in the scheme.

Additionally, XHelper allowed for the recruitment of agents who would refer new mules, creating a pyramid-like structure that expanded the network of participants involved in the money laundering activities.

The platform also provided training on opening fake corporate bank accounts, navigating account freezes, and handling customer support calls from banks to verify transactions, thus aiding in the continuation of illegal activities.

CloudSEK emphasized that XHelper is just one example of a growing ecosystem of similar applications facilitating money laundering scams across different operations.

Kaspersky’s report highlighted a surge in mobile malware, adware, and riskware attacks in 2023, with adware being the most prevalent threat detected.

In December 2023, Europol announced the arrest of 1,013 individuals involved in money laundering, alongside the identification of numerous money mules and recruiters as part of a global crackdown on illicit financial activities.


