February 29, 2024

Shadow Banking in Your Pocket: Exposing Android App Used by Money Mules

In October 2023, CloudSEK identified a critical loophole within India's banking infrastructure. This loophole was actively exploited by Chinese cybercriminals to orchestrate a large-scale money laundering scheme targeting Indian citizens. The scheme leveraged a network exceeding hundreds of thousands of compromised "money mule" accounts to funnel illicit funds through fraudulent payment channels, ultimately transferring them back to China.

CloudSEK's Threat Intelligence (TI) team continued its investigation and has uncovered a network of money mules, posing a significant risk to the Indian banking ecosystem. This report focuses on a malicious mobile application (APK) identified as a key tool for onboarding and managing these money mules. Through in-depth analysis, we reveal the functionalities of this APK and the vulnerabilities it exploits, shedding light on the inner workings of this criminal operation.

Authors & Contributors

Sparsh Kulshrestha
Sparsh is a Cyber Security Analyst at CloudSEK who hunts for vulnerabilities in client domains. He is OSCP certified and a bug bounty hunter who plays CTF for Team UnderDawg.
Abhishek Mathew
A cyber threat intel researcher, I excel in OSINT, HUMINT, and social engineering.
Santripti Bhujel
Cyber Threat Researcher at CloudSEK
Discover how CloudSEK's Threat Intelligence team exposed a critical flaw in India's banking system, exploited by Chinese hackers for a vast money laundering operation using "money mule" accounts, and the malicious APK at the heart of this scheme.