[ad_1]
Cybercriminals launder stolen funds through ordinary people thanks to a small ecosystem of user-friendly apps that unwittingly turn mobile users into money mules.
A new report from Cloud SEK details one such app. “XHelper” is an Android platform that connects fraudsters with Indian citizens, and its job is to quickly receive stolen funds and pass them on to a shadowy third party. It has a clean and user-friendly interface, which makes the whole process fairly simple and allows you to obscure the nature of the payment and who is on the other end of each transaction.
App is enabled butchering a pig, perpetrate task fraud, loan fraud, e-commerce fraud, and illegal gambling activities on a large scale. Currently, around 37,000 active users have around 16,000 verified bank accounts and move a whopping 160 million rupees (just under 2 million USD) per day.
And beyond XHelper, CloudSEK researcher Sparsh Kulshehtra said, “Our research has identified similar schemes in other countries, creating a united front against money laundering taking advantage of unsuspecting individuals.” This highlights the need for
How XHelper works
Last summer, Chinese cybercriminals were busted 40,000 people live on 5 continents for loan fraud. To hide so much illicit income, they utilized a network of hundreds of thousands of online payment accounts.
That’s how researchers realized for the first time that, in addition to the scam itself, there was something deeply wrong underlying it. As a result, they arrived at his XHelper. XHelper is an app designed to not only hide the source of funds, but also its purpose from users.
XHelper is distributed online by fake “money transfer” businesses. New members are recruited by “agents”. This is an individual on her Telegram posing as a representative of a successful company that needs help managing a large number of day-to-day transactions. As agents earn bonuses for each new hire, laundering networks become larger and more robust.
Similar to other gig economy apps, new employees register their (payment) information and then start accepting jobs. In this case, you take money from one party and give it to another party within minutes.
The user gets a portion (0.2-0.3%) of the loot. This increases as you complete more tasks, earn higher ratings, and add more bank accounts. A novice user can get a few hundred rupees (less than $5) for his troubles by just moving 10,000 or 20,000 rupees in a day through one or two bank accounts. A user at the highest level, on average, moves tens of millions of dollars a day and gets back thousands of dollars. The app’s top three users, ‘shahbaz’, ‘Register26’ and ‘Ranjan1982’, have earned more than 12 million rupees (approximately $145,000), and that number is growing.
Can the Money Mule be stopped?
The fact that ordinary people are conducting large amounts of near-instantaneous transfers begs the question: why aren’t they getting caught?
Firstly, the app offers a series of helpful tutorials that cover not only how to use the various features, but also how to deal with unfavorable situations, set to eerie and gloomy tunes, along with upbeat stock music.
The most important of these is a tutorial that pretends to be a small business and guides users to register a business bank account. These corporate accounts allow you to process large volumes of transactions without raising the same red flags that personal accounts do.
Mules also have other tricks at their disposal, such as using different payment systems to receive and send money. “Funds may enter Lava’s account via UPI (India’s common payment system), but the app will instruct them to transfer via IMPS (Instant Payment Service).” [an Indian interbank transaction system]. “This layering of transfer methods may be an attempt by criminals to obfuscate transaction history and avoid detection by flagging mechanisms,” he explains.
Kulshetra said banks, governments and regulators are needed to identify and curb such practices. everyone has a role to playso are the organizations targeted by these scams.
“Educating your employees and customers through training and awareness campaigns will help them recognize and avoid these schemes. By focusing on understanding the threats, strengthening internal defenses, and building user awareness, It creates a strong shield against cyber fraud,” he concludes.
[ad_2]
Source link
