Threat actors target UPI users because UPI offers a convenient platform for transferring money, often with less stringent security than traditional banking systems.
Due to fewer security measures, threat actors exploit user behavior and transaction process vulnerabilities to commit fraud, steal sensitive information, and carry out financial scams.
Cybersecurity researchers at CloudSEK recently discovered that UPI's widespread use and relatively weaker security measures attract threat actors who run money laundering operations targeting UPI users.
Successful exploitation allows threat actors to illicitly transfer funds, leveraging UPI transactions’ anonymity and ease of use.
UPI Money Laundering Alert
A money mule is crucial in facilitating financial crimes, like cyber fraud or money laundering, by receiving and transferring funds obtained through fraud.
CloudSEK uncovered a significant loophole in India’s banking system in October 2023.
Chinese threat actors actively exploited this flaw to run a massive money laundering scheme by utilizing a vast network of compromised “money mule” accounts to channel illicit funds through fraudulent payment channels.
With the help of this illicit method, threat actors ultimately send the funds back to China.
CloudSEK’s TI team discovered a network of money mules endangering India’s banking system. This report focuses on a harmful mobile app (APK) used to recruit and control these mules.
Researchers exposed the APK’s functions and the vulnerabilities it exploits, which also revealed the mechanics of the threat actor’s operation.
XHelper, a sophisticated app crafted by threat actors, efficiently manages money mules and acts as the tech backbone for fake payment gateways in scams like Pig Butchering, Task scams, Loan scams, E-Commerce scams, and Illegal gambling apps.
Besides this, under the guise of “Money Transfer Business,” it’s distributed through websites posing as legitimate businesses.
Threat actors convert mule-transferred funds into cryptocurrencies and then pay scammers in USDT after deducting their commission.
XHelper provides mules with features like earnings tracking, competition ranking, and a support system via Telegram accounts bound to the app.
Threat actors are attracted to the XHelper app because it offers a user-friendly design, simplifies illegal transactions, and streamlines payout and collection processes.
Money mules input net banking and UPI details in the app, which allows direct fund transfers to their UPI accounts.
Money mules are recruited by “Agents” via Telegram channels. Agents masquerade as businesses needing fund managers, and the recruitment is often done through personal connections.
The app lets new mules start with 2 banks, and leveling up boosts the limits, unlocking more rewards. Agents and mules prefer corporate accounts for higher transaction limits that enable larger sums for illicit activities.
Impact On Banks
The impact on banks includes:
- Financial Losses
- Operational Strain
- Technological Risks
- Customer Trust
- Legal and Compliance Issues
- Transaction Monitoring Costs
- Resource Allocation
- International Compliance Challenges
Security Measures
The security researchers recommend the following security measures:
- Enhance Merchant Account Opening Procedures
- Bolster Netbanking Security Measures
- Address Victim Information Sharing
- Leverage External Data for Risk Assessment
- Integrate Payment Red Flags in Faster Payments
- Explore Payment Delays for High-Risk Users