From Pig Butchering to Loan Scams: How Chinese Scammers Operate XHelper App To Launder Money From India
New Delhi: A high-tech mobile application called XHelper has been exposed as a central hub for large-scale money laundering operations in India. This app is at the heart of a complex scam operation, managing a network of individuals, known as “money mules,” to move illicit funds through fake payment gateways across various scams, including e-commerce fraud and illegal gambling, said cybersecurity firm CloudSEK in its latest report.
What Are Money Mules?
Money mules are people who, knowingly or unknowingly, transfer illegally obtained scam money on behalf of others. They play a critical role in cybercrimes, making it harder for law enforcement agencies to track the flow of stolen funds. Bangalore-based cyber security firm CloudSEK’s recent findings spotlight a loophole exploited by cybercriminals, using these mules to launder money back to China through Indian bank accounts.
Earlier, in October 2023, CloudSEK identified a critical loophole within India’s banking infrastructure. This loophole was actively exploited by Chinese cybercriminals to orchestrate a large-scale money laundering scheme targeting Indian citizens.
The scheme leveraged a network exceeding hundreds of thousands of compromised “money mule” accounts to funnel illicit funds through fraudulent payment channels, ultimately transferring them back to China.
What is XHelper?
XHelper appeared to be a normal app with features like ranking systems and support. However, it was actually used by criminals to recruit “money mules.” These individuals are the first to receive stolen funds in their bank accounts and then transfer them to other accounts, helping criminals to launder money.
XHelper simplifies the illegal transfer of funds, providing a platform for scammers to easily manage their operations. It features a ranking system for mules, pushing them to transfer more money quickly, and even offers support via Telegram, making it dangerously efficient.
How Did it Work?
There were two main roles for money mules:
- Collection: Mules passively received stolen money into their accounts.
- Payout: Mules actively transferred the received money to other accounts within 10 minutes, completing the laundering process.
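The 10-minute payout window gives a bank's fraud team a concrete signal to look for. The following is an added example, not taken from CloudSEK's report or this article: it flags accounts whose incoming credits are repeatedly forwarded within that window. The ledger, the account names, and the MIN_RATIO and MIN_HITS thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # payout deadline reported in the article
MIN_RATIO = 0.9                  # assumption: share of a credit that must leave again
MIN_HITS = 2                     # assumption: pass-throughs needed before flagging

# Constructed sample ledger: (account, ISO timestamp, direction, amount)
SAMPLE = [
    ("ACC-A", "2024-01-05T10:00:00", "in", 50000),
    ("ACC-A", "2024-01-05T10:04:00", "out", 49000),
    ("ACC-A", "2024-01-05T11:30:00", "in", 20000),
    ("ACC-A", "2024-01-05T11:33:00", "out", 12000),   # payout split in two
    ("ACC-A", "2024-01-05T11:38:00", "out", 7500),
    ("ACC-B", "2024-01-05T09:00:00", "in", 80000),    # ordinary income, spent slowly
    ("ACC-B", "2024-01-05T09:05:00", "out", 1200),
    ("ACC-B", "2024-01-06T18:00:00", "out", 30000),
    ("ACC-C", "2024-01-05T12:00:00", "in", 10000),
    ("ACC-C", "2024-01-05T12:11:00", "out", 10000),   # just outside the window
]

def pass_through_events(ledger):
    """Return {account: [(credit_time, credit_amount, forwarded_amount), ...]}."""
    by_account = defaultdict(list)
    for account, ts, direction, amount in ledger:
        by_account[account].append((datetime.fromisoformat(ts), direction, amount))
    events = defaultdict(list)
    for account, rows in by_account.items():
        rows.sort()
        used = set()  # a debit may be matched to only one credit
        for i, (t_in, direction, credit) in enumerate(rows):
            if direction != "in":
                continue
            forwarded, picked = 0, []
            for j in range(i + 1, len(rows)):
                t_out, d, amt = rows[j]
                if t_out - t_in > WINDOW:
                    break
                if d == "out" and j not in used:
                    forwarded += amt
                    picked.append(j)
            if forwarded >= MIN_RATIO * credit:
                used.update(picked)
                events[account].append((t_in, credit, forwarded))
    return dict(events)

def flag_accounts(ledger):
    return sorted(a for a, ev in pass_through_events(ledger).items() if len(ev) >= MIN_HITS)
```

A single rapid forward is common in legitimate use, which is why the sketch requires repeated pass-throughs before flagging an account.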
The Recruitment and Training of Money Mules
Recruitment is carried out through Telegram and other social media platforms, with a preference for corporate bank accounts due to their higher transaction limits. The app offers a Learning Management System for new recruits, teaching them how to launder money, handle cryptocurrency transactions, and maximize their illegal gains.
Execution of Illicit Transactions
Once onboarded, mules are assigned collection and payout orders, which they execute using their linked bank apps. Orders are processed swiftly within strict timeframes, with rewards offered for successful transactions. Funds transferred from mule accounts are eventually converted into cryptocurrencies by threat actors, after deducting their commission.
A CloudSEK researcher said this fraud campaign not only deceived individuals but also caused financial losses and reputational damage to banks. It also highlights the need for stricter regulations and improved user awareness.
The discovery of XHelper signals a pressing need for coordinated efforts among banks, cybersecurity entities, and law enforcement to mitigate the risks associated with such sophisticated operations.