Cyber security firm CloudSEK has informed watchdog CERT-In, banking regulator RBI and other agencies about an app that is being used allegedly by China-based entities to operate online financial scams by engaging fraudsters based out of India.
According to the report released by CloudSEK, cyber criminals are operating through an app called XHelper to manage a network of money mules for loan scams, e-commerce scams, illegal gambling apps, etc.
The app is distributed through websites posing as legitimate businesses under the guise of a “Money Transfer Business”, the report, titled “Shadow Banking in Your Pocket”, said.
In October 2023, CloudSEK published a report on a critical loophole within India’s banking infrastructure. The firm had found that the loophole was actively exploited by Chinese cybercriminals to orchestrate a large-scale money laundering scheme targeting Indian citizens.
“CloudSEK’s Threat Intelligence (TI) team continued its investigation and has uncovered a network of money mules, posing a significant risk to the Indian banking ecosystem. This report focuses on a malicious mobile application (APK) identified as a key tool for onboarding and managing these money mules,” the report said.
CloudSEK describes a money mule as an individual enlisted to receive and transfer funds acquired through fraudulent activities. The role of a money mule is pivotal in the execution of various financial crimes, such as cyber fraud or money laundering, the firm said.
“Threat actors have intricately crafted a sophisticated application known as XHelper which functions as a crucial tool for efficiently managing a network of money mules. It serves as the technological backbone for fake payment gateways used in various scams, such as pig butchering, task scams, loan scams, e-commerce scams, illegal gambling apps, etc,” the report said.
CloudSEK provides cyber intelligence services to CERT-In, RBI and other agencies.
“CloudSEK shared the report with CERT-IN, RBI, CBI, I4C, and other financial institutions that are CloudSEK customers,” Sparsh Kulshrestha, Threat Intelligence and Security Researcher at CloudSEK, said.
When asked about the findings of CloudSEK around money laundering, Kulshrestha said specific details regarding evidence are unavailable due to ongoing investigations and information sensitivity.
“CloudSEK’s research on the XHelper app likely identified patterns indicative of money laundering activities. This could include unusually high transaction volumes exceeding typical individual use, suspicious origins and destinations of transferred funds, the presence of unusual or suspicious transaction types, and inconsistencies in user behaviour suggesting potential coercion or manipulation,” Kulshrestha said.
According to the report, the app onboards money mules, facilitates the transfer of proceeds from fraudulent transactions by way of cryptocurrency and other means, and pays a commission to scamsters for transactions carried out on the app.