China-based cybercriminals are coming up with all sorts of ingenious ways to scam and trick people. Their latest modus operandi is using a new app to manage a network of money mules doing their bidding.
Cybersecurity firm CloudSEK has raised concerns with Indian authorities regarding an app allegedly used by China-based entities to perpetrate online financial scams involving fraudsters based in India.
According to CloudSEK’s report titled “Shadow Banking in Your Pocket,” the app known as XHelper serves as a crucial tool for managing a network of money mules engaged in various fraudulent activities.
CloudSEK’s investigation revealed that cybercriminals are exploiting the app to orchestrate scams ranging from loan frauds to illegal gambling operations. The app is distributed through websites posing as legitimate businesses, particularly under the guise of “Money Transfer Business,” thus luring unsuspecting victims into participating in illicit schemes.
The firm’s Threat Intelligence (TI) team uncovered a network of money mules that poses a significant threat to India’s banking ecosystem. CloudSEK describes money mules as individuals enlisted to receive and transfer funds obtained through fraudulent means, playing a pivotal role in executing financial crimes like cyber fraud and money laundering.
XHelper, identified as a key component in managing these money mules, serves as the technological backbone for fake payment gateways used in various scams. It facilitates fraudulent transactions, including pig butchering, task scams, e-commerce scams, and more, thereby enabling cybercriminals to exploit victims for financial gain.
CloudSEK has shared its findings with key Indian agencies, including CERT-IN, RBI, CBI, and I4C, along with other financial institutions. The firm’s Threat Intelligence and Security Researcher, Sparsh Kulshrestha, highlighted the intricate nature of the app’s operations, suggesting patterns indicative of money laundering activities.
While specific details of the evidence remain confidential due to ongoing investigations, CloudSEK’s research points to suspicious transaction volumes, unusual fund origins and destinations, and inconsistencies in user behaviour as potential indicators of illicit financial activities facilitated by the XHelper app.
The app reportedly onboards money mules, facilitates fraudulent money transfers through cryptocurrency and other means, and rewards scammers with commissions for transactions conducted via the platform. As CloudSEK continues to monitor and analyze emerging threats, its collaboration with Indian authorities underscores the importance of proactive measures to combat cybercrime and safeguard financial systems from exploitation.