The Android app XHelper, initially disguised as a legitimate money transfer service, has been exposed as the epicenter of a sophisticated global money laundering network. CloudSEK’s Threat Intelligence team discovered its pivotal role in orchestrating money mule schemes and deceptive payment systems that facilitate the laundering of illicit funds originating from loan scams, illegal gambling, and other fraudulent activities. The app exploits a critical loophole within India’s banking infrastructure, allowing Chinese cybercriminals to conduct large-scale money laundering that targets unsuspecting Indian citizens.
The scheme involves 37 thousand active users linked to 16 thousand bank accounts, with XHelper processing $1.9 million daily through more than 7000 transfers. Money mules play a crucial role in this operation, incentivized by commissions and equipped with a feature-rich app that automates money laundering processes. This discovery by CloudSEK sheds light on a growing ecosystem of similar applications facilitating money laundering across various scams, emphasizing the need for heightened cybersecurity awareness.