Andoid - the app turns your smartphone into a money laundering tool.
Cybercriminals have found a new way to launder money using a network of money mules in India and a dedicated Android app.
According to a CloudSEK study, mules play a key role in money laundering schemes. They are managed through the xHelper application, which became the basis for creating fictitious payment gateways used in a wide variety of scams, including scams with the sale of non-existent goods and services.
Recruitment of mules takes place through Telegram channels under the guise of legitimate job offers in "money transfer companies". In fact, their task is to receive and quickly transfer funds to make it difficult to track their true origin. After installing xHelper, they will have to enter their bank account details via UPI (Unified Payment Interface), which is widely used in India for instant payments.
Structure of the criminal network
After registration, participants receive payments to their xHelper accounts, which are stimulated by transfer fees to "corporate" accounts. The scammers then convert the funds into a cryptocurrency-usually the stablecoin Tether — USDT) - to further conceal their origin.
xHelper Control
An interesting feature is the reward system for mules. After transferring funds over $600, mules start receiving a commission of 0.2%, which can increase to 0.3% if the amount of funds transferred exceeds $123,000. Mules are also rewarded for raising the limits of acceptable transfers, and in-app tutorials provide instructions on how to submit documents for creating fake corporate bank accounts with higher transfer limits.
According to CloudSEK, the platform has over 40,000 mule accounts and 16,000 linked bank accounts. In just 3 days in February, more than $6.7 million was transferred through the system.
CloudSEK noted that while xHelper serves as a disturbing example, it is important to recognize that this is not an isolated incident. CloudSEK's investigations have revealed a growing ecosystem of similar apps that facilitate money laundering through various fraudulent schemes.
Cybercriminals have found a new way to launder money using a network of money mules in India and a dedicated Android app.
According to a CloudSEK study, mules play a key role in money laundering schemes. They are managed through the xHelper application, which became the basis for creating fictitious payment gateways used in a wide variety of scams, including scams with the sale of non-existent goods and services.
Recruitment of mules takes place through Telegram channels under the guise of legitimate job offers in "money transfer companies". In fact, their task is to receive and quickly transfer funds to make it difficult to track their true origin. After installing xHelper, they will have to enter their bank account details via UPI (Unified Payment Interface), which is widely used in India for instant payments.
Structure of the criminal network
After registration, participants receive payments to their xHelper accounts, which are stimulated by transfer fees to "corporate" accounts. The scammers then convert the funds into a cryptocurrency-usually the stablecoin Tether — USDT) - to further conceal their origin.
xHelper Control
An interesting feature is the reward system for mules. After transferring funds over $600, mules start receiving a commission of 0.2%, which can increase to 0.3% if the amount of funds transferred exceeds $123,000. Mules are also rewarded for raising the limits of acceptable transfers, and in-app tutorials provide instructions on how to submit documents for creating fake corporate bank accounts with higher transfer limits.
According to CloudSEK, the platform has over 40,000 mule accounts and 16,000 linked bank accounts. In just 3 days in February, more than $6.7 million was transferred through the system.
CloudSEK noted that while xHelper serves as a disturbing example, it is important to recognize that this is not an isolated incident. CloudSEK's investigations have revealed a growing ecosystem of similar apps that facilitate money laundering through various fraudulent schemes.
