India's UPI (Unified Payment Interface) a new tool for hackers to launder money

## Cybercriminals use Indian 'mercenaries' to launder money on a massive scale: XHelper app a key tool

Cybercriminals are using a network of mercenaries in India to orchestrate a massive money laundering scheme through an Android app called XHelper. In a report, CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew and Santripti Bhujel say the malicious app is "a key tool for recruiting and managing these mercenaries". Details of the scam were disclosed as early as the end of October 2023.

Criminals are exploiting the fact that Unified Payment Interface (UPI) service providers in India are not regulated under the Prevention of Money Laundering Act (PMLA) to conduct illegal transactions under the guise of providing instant loans. These illegal proceeds are transferred to the accounts of mercenaries. These mercenaries are recruited through Telegram and receive commissions ranging from 1% to 2% of the total transaction value.

"At the heart of this operation was the payment gateway, precisely utilising the QR code functionality of UPI," the cybersecurity firm noted. The scheme used a network of hundreds of thousands of compromised "mercenary" accounts to funnel funds through fraudulent payment channels and ultimately transfer them back to other countries.

The XHelper application plays an important role in managing these "mercenaries". It also provides the technology behind the fake payment gateways used in "pig butchering" and other scams. The application is distributed through websites disguised as "money transfer businesses".

The XHelper app also allows "mercenaries" to track their earnings and simplifies the entire process of making and receiving payments. They need to register a unique UPI ID and configure online banking credentials. Payments require a quick transfer of funds to a pre-designated account within 10 minutes, while collection orders are more passive. Registered accounts receive incoming funds from other scammers utilising the platform.
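A defender's view of the payout pattern described above, as an added example that is not from the CloudSEK report or the original article: a bank-side heuristic that flags accounts which repeatedly forward incoming credits within 10 minutes. Only the 10-minute window comes from the article; the ledger layout, the constructed sample rows, the 5% amount tolerance and the minimum counts are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # payout deadline reported in the article
TOLERANCE = 0.05                # assumption: forwarded amount within 5% of the credit
MIN_EVENTS = MIN_PAYERS = 3     # assumption: events / distinct payers needed to flag

# Constructed sample ledger: (time, account, direction, counterparty, amount)
LEDGER = [
    ("2024-03-01T10:00:00", "acct-A", "CR", "payer-1", 5000),
    ("2024-03-01T10:04:00", "acct-A", "DR", "bene-X", 5000),
    ("2024-03-01T11:30:00", "acct-A", "CR", "payer-2", 12000),
    ("2024-03-01T11:37:00", "acct-A", "DR", "bene-X", 11900),
    ("2024-03-01T15:10:00", "acct-A", "CR", "payer-3", 8000),
    ("2024-03-01T15:12:00", "acct-A", "DR", "bene-Y", 8000),
    ("2024-03-01T09:00:00", "acct-B", "CR", "employer", 40000),
    ("2024-03-01T09:05:00", "acct-B", "DR", "grocer", 650),
    ("2024-03-03T18:00:00", "acct-B", "DR", "landlord", 15000),
]

def find_pass_through(ledger):
    """Pair each debit with an unmatched, near-equal credit received within WINDOW."""
    by_account = defaultdict(list)
    for ts, acct, direction, party, amount in ledger:
        by_account[acct].append((datetime.fromisoformat(ts), direction, party, amount))
    events = defaultdict(list)
    for acct, rows in by_account.items():
        pending = []  # credits not yet matched to a forwarding debit
        for ts, direction, party, amount in sorted(rows):
            if direction == "CR":
                pending.append((ts, party, amount))
                continue
            pending = [c for c in pending if ts - c[0] <= WINDOW]  # drop stale credits
            for c in pending:
                if abs(c[2] - amount) <= TOLERANCE * c[2]:
                    events[acct].append({"payer": c[1], "beneficiary": party, "delay": ts - c[0]})
                    pending.remove(c)
                    break
    return events

def flag_accounts(ledger):
    """Flag accounts with repeated rapid pass-through from several distinct payers."""
    flagged = {}
    for acct, evs in find_pass_through(ledger).items():
        payers = {e["payer"] for e in evs}
        if len(evs) >= MIN_EVENTS and len(payers) >= MIN_PAYERS:
            flagged[acct] = {"events": len(evs), "payers": len(payers),
                             "beneficiaries": sorted({e["beneficiary"] for e in evs})}
    return flagged
```

A flag from this heuristic is a reason for review rather than proof of laundering, and the thresholds would need tuning against real transaction data.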
"Mercenaries activate order receipt in the XHelper app, enabling them to receive and fulfil money laundering tasks," the researchers said. "The system automatically assigns orders, which may be based on predetermined criteria or mercenary configurations."

Once the illegal funds transfer is executed using the linked bank account, the mercenary should also upload screenshots of the transaction as proof. These screenshots are verified in exchange for financial rewards, which incentivise their continued participation.

XHelper's functionality also includes inviting others to join as proxies responsible for recruiting mercenaries. This is a referral system that allows proxies to receive a bonus for each new recruit, thus fuelling an ever-expanding network of proxies and mercenaries.

"This referral system follows a pyramid-like structure that drives mass recruitment of agents and mercenaries, expanding the reach of illegal activities," the researchers said. "Agents in turn recruit more mercenaries and invite more agents, perpetuating the growth of this interconnected network."

Another notable feature of XHelper is that it helps train mercenaries in how to efficiently launder stolen funds. It offers tutorials on how to open fake corporate bank accounts (with higher transaction limits), different workflows and how to earn more commissions.

As well as using the UPI feature built into legitimate banking apps to make transfers, the platform also acts as a hub for finding ways to bypass account freezes. It helps mercenaries to continue their illegal activities and provides training on how to handle customer service calls from banks used to verify suspicious transactions.

CloudSEK says: "While XHelper is a worrying example, it is vital to recognise that this is not an isolated incident." They also found "a growing ecosystem of similar apps that facilitate money laundering for various scams."
In December 2023, Europol announced that in the second half of 2023, 1,013 arrests were made as part of a global operation against money laundering. The operation also led to the identification of 10,759 mercenaries and 474 recruiters (also known as "shepherds").

The disclosure comes as Kaspersky revealed that since February 2023, malware, adware and riskware attacks on mobile devices continued to rise until the end of the year.

"In 2023, Android malware and riskware activity spiked, returning to 2021 levels at the beginning of the year after two years of relative calm," the Russian security vendor noted. "Adware accounts for the majority of threats detected in 2023."

Reference:

[1] https://thehackernews.com/2024/03/how-cybercriminals-are-exploiting.html