The XHelper App, an APK found on third-party app stores, has been exposed over its large-scale money laundering operation involving Chinese scammers.
CloudSEK researchers have discovered XHelper, an Android app (not to be confused with the nasty XHelper malware) linked to a money laundering network, disguised as legitimate websites for scams like fake payment gateways and illegal gambling.
In October 2023, the CloudSEK Threat Intelligence (TI) team discovered a critical loophole in India’s banking infrastructure being exploited by Chinese threat actors in a “large-scale money laundering scheme targeting Indian citizens.” The scheme involved hundreds of thousands of compromised “money mule” accounts, transferring funds back to China.
For your information, money mules are individuals involved in fraudulent activities, transferring funds and executing financial crimes like cyber fraud or money laundering.
Now, according to CloudSEK’s blog post, the XHelper app is distributed through websites designed as legitimate Money Transfer Businesses, while funds are converted into cryptocurrencies, and scammers are paid in USDT after deducting commissions.
The operation involves money mules activating order intake within the XHelper app, receiving/fulfilling money laundering tasks, and executing illicit fund transfers using their linked bank app. Successful order completion results in financial rewards within the app, incentivizing continued participation.
Money mules are recruited by agents; they operate within a network through multiple Telegram channels. They prefer corporate bank accounts with higher transaction limits as it allows them to move large sums of money more efficiently.
The Xhelper app features a referral system, allowing agents to invite others and earn bonuses for successful recruitment. This pyramid-like structure amplifies the reach of illicit activities. It is a sophisticated app designed to facilitate money laundering across the globe, swiftly managing money mule schemes via deceptive payment systems. The app’s efficient operational framework allows criminals to scale their operations without specialized knowledge.
Furthermore, the app integrates several unique features, including a mule ranking system, which allows cybercriminals to conduct their operations easily. XHelper optimizes recruitment and oversight of money mules, masking illegal fund origins and facilitating quicker transitions from bank accounts to cryptocurrency, hiding the paper trail of laundered money.
The XHelper app basically “serves as the technological backbone for fake payment gateways used in various scams, such as Pig Butchering, Task scams, Loan scams, E-Commerce scams, Illegal gambling apps, etc.,” CloudSEK researchers noted in the report.
Money mule activities can lead to financial losses and operational strain in banks, requiring additional security measures. Legal and compliance issues may result in fines and penalties. Enhanced transaction monitoring costs increase operational costs, and resource allocation is required for investigations, security measures, and compliance efforts.
Prevention of such schemes is the only solution. for which financial institutions/banks must enhance security, implement stricter verification protocols for merchant account opening, bolster net-banking security measures with multi-factor authentication, monitor suspicious activity, and educate users on secure practices.