Beware of fake banking and loan apps that offer instant loans but, in reality, collect your Personal Identifying Information (PII) and financial data, while also requesting excessive permissions to access data on your phone.

The cybersecurity researchers at CloudSEK have found a new scam campaign in which Chinese scammers are targeting the Indian digital payment system using illegal instant loan apps. The scammers have lured thousands of victims, making false promises of substantial loans on easy instalments and after obtaining personal details and fees, they vanish. 

The researchers have identified that the reason why law enforcement agencies have been unable to trace their malicious activities is that scammers are using Chinese payment gateways and Indian money mules.

The campaign was observed between 22 July and 18 September 2023. The researchers estimate that around 30,000 Aadhaar cards and bank account details were exposed, 40,000 devices were compromised, and thousands of users were defrauded.

CloudSEK began its investigation on 8 September 2023 after identifying a malicious app advertised by cybercriminals. The app impersonated a well-known bank headquartered in Tamil Nadu, India, with reported revenue of $23 million. The fake domain name of the C2 server followed this pattern: .online.

Screenshot (CloudSEK): Chinese scammers use fake loan apps for money laundering

Further probing, according to CloudSEK’s report, revealed a sophisticated scam operation orchestrated by Chinese scammers. So far, the scammers have collected more than INR 37 lakh (roughly $46,000) through 55 malicious Android applications, while dangling loan offers totalling INR 641 crore as the lure. CloudSEK also identified over 15 obscure payment gateways operated by Chinese scammers.

Their modus operandi relies on false promises: the scammers build fake loan apps and advertise them as offering large loans with flexible repayment terms. Victims are lured into handing over sensitive personal data, including name, phone number, bank account details, and address.

The malicious apps demand excessive permissions, prompting users to grant access to contacts, photos, and other sensitive information. The scammers vanish after extracting their desired information and receiving loan processing fees from the victims, typically 5% of the promised loan amount.
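The permission over-reach described above is the easiest thing to check before a lending app goes anywhere near a user's phone. The script below is an added example written for this page (it is not CloudSEK's tooling and not code from the campaign): it parses a decoded AndroidManifest.xml, lists every requested permission, and flags the ones a loan app has no legitimate reason to hold. The manifest samples are constructed, and the list of "over-reaching" permissions and the two-hit threshold are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions a lending app has no business requesting. The mapping and the
# "two or more flagged" verdict threshold are assumptions made for this example,
# chosen to match the contacts/photos/SMS over-reach the article describes.
OVERREACH = {
    "android.permission.READ_CONTACTS": "contact list harvesting",
    "android.permission.READ_CALL_LOG": "call log harvesting",
    "android.permission.READ_SMS": "SMS / OTP interception",
    "android.permission.RECEIVE_SMS": "SMS / OTP interception",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and documents on device",
    "android.permission.READ_MEDIA_IMAGES": "photos on device",
    "android.permission.ACCESS_FINE_LOCATION": "precise location tracking",
}

# Constructed sample manifests (not taken from any real APK).
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.quickcashloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Quick Cash Loan"/>
</manifest>"""

BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Example Bank"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> list[str]:
    """Return every <uses-permission android:name=...> declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return [el.get(f"{{{ANDROID_NS}}}name", "") for el in root.iter("uses-permission")]


def triage(manifest_xml: str, threshold: int = 2) -> dict:
    """Flag permissions from OVERREACH; verdict is 'over-reaching' at `threshold` or more hits."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(manifest_xml)
    flagged = {p: OVERREACH[p] for p in perms if p in OVERREACH}
    return {
        "package": root.get("package"),
        "requested": perms,
        "flagged": flagged,
        "verdict": "over-reaching" if len(flagged) >= threshold else "within expectations",
    }


if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage(xml)
        print(f"[{name}] {result['package']}: {result['verdict']}")
        for perm, why in result["flagged"].items():
            print(f"    {perm}  ->  {why}")
```

A real APK carries its manifest in binary AXML form, so decode it first (for example `apktool d app.apk`, which writes a plain-text AndroidManifest.xml into the output directory) and feed that file to `triage`. Manifest permissions are only the declared intent; an app that also asks for accessibility or notification-listener access at runtime deserves the same scrutiny.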

The entire campaign was difficult to track due to its transnational reach. However, it is worth noting that the scam is not confined to India; in fact, scammers are operating a vast network that spans multiple countries, including the following:

  • Brazil
  • Turkey
  • Mexico
  • Vietnam
  • Malaysia
  • Colombia
  • Indonesia
  • Philippines
  • South Africa

Moreover, the scammers exploit regulatory gaps: UPI (Unified Payments Interface) service providers in India do not fall under the purview of the PMLA (Prevention of Money Laundering Act), a significant loophole that scammers are actively exploiting.

“A notable trend we’ve observed is scammers exploiting Chinese payment gateways due to their relative ease of use and limited regulatory scrutiny. These gateways offer a convenient bridge to funnel funds outside India, leveraging sophisticated techniques that blur jurisdictional lines, making it challenging to track and intercept the money trail,” said Sparsh Kulshrestha, Senior Security Analyst at CloudSEK.

“This enables scammers to sidestep the legal and financial roadblocks, making it imperative for authorities to enhance cooperation and adopt advanced measures to counter this sophisticated threat,” added Kulshrestha.

The scammers run a robust money mule network in which intermediaries receive funds from the scammers and transfer them onward to other accounts for a commission of 1% to 2% of the transaction amount. Indian bank customers are the primary targets of this campaign. To recruit money mules, the scammers use tactics such as face-to-face meetings and sponsored travel.
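The commission figure above is itself a detection signal: a mule account receives a credit and, within a short window, forwards nearly all of it while keeping a sliver. The following is an added example, not part of the CloudSEK report, of that heuristic run over a constructed transaction ledger. The 24-hour window and the 0.5% to 3% retained band (the report's 1% to 2% with some slack) are this example's assumptions; the account numbers and amounts are made up.

```python
from datetime import datetime, timedelta

# Constructed sample ledger (not real data). Amounts in INR.
# ACC-7781 behaves like a mule; ACC-2210 is an ordinary account.
SAMPLE_TXNS = [
    {"account": "ACC-7781", "ts": "2023-09-01T10:00:00", "dir": "credit", "amount": 100000.0},
    {"account": "ACC-7781", "ts": "2023-09-01T11:05:00", "dir": "debit",  "amount": 49000.0},
    {"account": "ACC-7781", "ts": "2023-09-01T11:30:00", "dir": "debit",  "amount": 49500.0},
    {"account": "ACC-2210", "ts": "2023-09-01T09:00:00", "dir": "credit", "amount": 60000.0},
    {"account": "ACC-2210", "ts": "2023-09-03T18:00:00", "dir": "debit",  "amount": 15000.0},
]

WINDOW = timedelta(hours=24)            # assumption: mules forward funds within a day
MIN_RETAINED, MAX_RETAINED = 0.005, 0.03  # assumption: 1-2% commission, with slack


def find_mule_patterns(txns, window=WINDOW, lo=MIN_RETAINED, hi=MAX_RETAINED):
    """Return one alert per inbound credit that is almost entirely forwarded inside `window`.

    retained = 1 - (debits within window after the credit) / credit.
    A retained fraction inside [lo, hi] matches the commission-only pattern.
    Simplification: debits are attributed to every credit whose window they fall in.
    """
    by_acct = {}
    for t in txns:
        row = dict(t, ts=datetime.fromisoformat(t["ts"]))
        by_acct.setdefault(t["account"], []).append(row)

    alerts = []
    for acct, rows in by_acct.items():
        rows.sort(key=lambda r: r["ts"])
        for i, credit in enumerate(rows):
            if credit["dir"] != "credit":
                continue
            forwarded = sum(
                r["amount"] for r in rows[i + 1:]
                if r["dir"] == "debit" and r["ts"] - credit["ts"] <= window
            )
            if forwarded == 0:
                continue
            retained = 1 - forwarded / credit["amount"]
            if lo <= retained <= hi:
                alerts.append({
                    "account": acct,
                    "credited_at": credit["ts"].isoformat(),
                    "credit_amount": credit["amount"],
                    "forwarded": forwarded,
                    "retained_pct": round(retained * 100, 2),
                })
    return alerts


if __name__ == "__main__":
    for a in find_mule_patterns(SAMPLE_TXNS):
        print(f"{a['account']}: received {a['credit_amount']:.0f}, forwarded "
              f"{a['forwarded']:.0f} within 24h, kept {a['retained_pct']}%")
```

On its own this rule will also fire on legitimate pass-through accounts (a merchant settling to a supplier, for instance), so it belongs in a scoring pipeline alongside account age, counterparty count and the SIM-change or new-mobile-number checks mentioned later in the article, not as a standalone block rule.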

An analysis of the fraudulent payment gateways revealed that money is moved either online (UPI) or offline (debit card) and split between multiple recipients. The fraudsters also maintain a presence within India to collect the SIM cards and bank accounts used for laundering.

Mitigation efforts involve collaboration between banks and NPCI (National Payments Corporation of India) to strengthen controls such as verifying new mobile numbers added to bank accounts. In addition, organizations and regulatory bodies must stay informed about evolving scam tactics and build reliable fraud detection and prevention measures.

Additionally, UPI security needs to be strengthened, and service providers must consider further safeguards to protect users. Finally, common sense remains the most effective defence against such scams: as the saying goes, “There’s no such thing as a free lunch,” so do not expect a loan that comes with no strings attached.
