Delhi Police’s Cyber Crime Unit (CyPAD), took note of various WhatsApp messages getting circulated, wherein the recipients were being induced and enticed to download an App through the link given in the WhatsApp messages.
It was regarding daily commission earning of up to Rs.3000 in less than 30 minutes of time spent on the App. As per the messages being circulated, the stated task being performed through the app was of promoting internet celebrities on Facebook, YouTube and Instagram.
Since the messages were coming from ISD numbers, (which could be virtual numbers), and were inducing the recipient to download an app, NEWWORLD.APK, through a short (encrypted) URL, hence the activity was identified as suspicious and the Malware Forensic Lab of CyPAD-NCFL was asked to examine the URL, the App as well as other linked aspects.
The functioning of the app showed that it claims to add Rs. 6 in the User’s account if the task given to the app user on Facebook, YouTube, etc., is completed. To earn more money, the App provided for VIP accounts. But to use these VIP accounts, the user had to add money in his app account. Analysis of money trail revealed that the amount was being routed to various Indian bank accounts.
Malware analysis of the Mobile App NEWWORLD.APK reported that several dangerous permissions were being obtained by this App, such as permission to download and install new software packages (Apps), take pictures and videos, read/modify/delete SD card contents, etc.
The App was flagged as a Malwareby a reputed Anti-Virus. The malware App was accessing Users’ contact book and sending messages to their contacts. It was found that the malicious App was able to discreetly download QQ Browser App, which is an App of the QQ family of Apps which have been banned by Ministry of Electronics and IT in June, 2020. Further, the website and the App were hosted and connecting to IPs that were found assigned to Chinese companies.
Also, a complaint was received from a victim of this fraud, wherein it was alleged that she was cheated of an amount of Rs.50,000/- by using an app which she got in the form of a link through her colleague. The complaint was enquired and it was found that the defrauded money was being routed to the same bank accounts. Accordingly, a Case FIR was registered under various sections of IT Act and IPC and investigation taken up by Cyber Crime Unit (CyPAD), Special Cell.
Considering the seriousness of the matter, a special team constituting of Insp. Parveen, Insp. Hansraj, Insp. Brahm Prakash, SI Sunil, SI Ajit and others were formed under the supervision of ACP Aditya Gautam to take prompt action.
During the investigation, it was found that the defrauded money was being routed to multiple bank accounts registered in the name of various Pvt. Ltd companies. The addresses of these companies and the profile of their Indian Directors raised suspicion. In some of the companies, Chinese nationals were found to be the main Directors at various points of time. The Indian Directors were the ones who were working as accountants, office boys, drivers, etc., for these foreign nationals.
The money trail analysis revealed that the defrauded money was being laundered through multiple shell companies and through Crypto-wallets. The key operatives behind these shell companies were identified through the field and technical surveillance and they were arrested on 13/01/2021 in simultaneous multiple raids conducted at several locations across Delhi-NCR. In the raids, a total of 12 persons have been arrested, including two Chinese nationals:
1. Ms Chaohong Deng Daoyong r/o Sichuan, China Aged 27 Years
2. Ms Wu Jiazhi r/o Sichuan, China Aged 54 Years
A cash amount of Rs.25.42 Lakh of the defrauded money has been recovered from the possession of the Chinese nationals. 12 Bank Accounts, Crypto-Wallets and Payment Gateway IDs have been blocked and a total of Rs. 4 Crore 75 lakhs of the defrauded money has been frozen.
The accused have also used the cheated money to purchase Crypto-currency (Tether) and over the last two weeks, crypto-transactions worth over Rs. 4.5 Crores have been made to siphon out the funds. The connected wallet currently has Tethers worth over Rs. 8 lakhs which has been frozen.
The Payment Gateway used by the accused has confirmed a total of 39,781 victims who have been defrauded by this App till now.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.