New Delhi [India], January 13 (ANI): In a major breakthrough under ‘Operation Cyber Hawk’ against cross-border cybercrime, Delhi Police’s East District busted a cybercrime syndicate operating from Delhi to Moradabad and Bareilly, UP.
Eight accused were arrested on Tuesday, including Mohd Wasim, for facilitating mule bank accounts and laundering cybercrime proceeds, exposing a high-tech pipeline funneling Indian money into international cryptocurrency wallets.
The operation resulted in the seizure of ₹4.7 lakh in cash, 7 bank debit cards, 14 mobile phones, and 20 SIM cards, and the tracing of 85 mule bank accounts linked to 600+ NCRP complaints.
During the investigation, it was revealed that the syndicate used WhatsApp, Telegram, and SMS forwarder APKs to control mule accounts and siphon funds to China-based operators. They converted proceeds to USDT cryptocurrency via platforms like KuCoin and Binance. ₹15 crore suspicious transactions were identified and victims are being notified.
The investigation began with a single complaint from Sorna Sundari in Tamil Nadu. She reported a fraudulent deduction of ₹6,000, which was traced to a Yes Bank account in Mayur Vihar, Delhi.
Upon analysis, the account holder was identified as Mohd Wasim. A deep dive into Wasim’s banking history revealed a troubling pattern: he wasn’t just a solo fraudster; he was a “mule” for a large network. Investigators found four additional accounts in his name across Axis and Federal Bank, linked to nearly 40 other cybercrime complaints.
The syndicate operated with corporate-level efficiency, divided into distinct layers to bypass Indian banking security. Operatives like Wasim and Toseen focused on opening “Mule Accounts”–bank accounts registered in their names or in the names of poor individuals — for a small fee. These accounts served as entry points for stolen funds.
Secondary members, such as Javed and Raza Qadri, served as the technical bridge. They used Telegram and WhatsApp to communicate with handlers. Their most dangerous tool was the SMS Forwarder APK.
Once an account was opened, the accused installed an APK (like A1-neo1.apk) on the registered mobile device. This allowed China-based operators to receive transaction OTPs directly, giving them full control to siphon off funds without the account holder’s further involvement.
The investigation revealed that the puppet masters are based in China. Using the “Apay-JS” Telegram channel, these operators managed the logistics. Once money hit a mule account, it was instantly moved through multiple “layers” of other mule accounts to hide the trail, before being converted into USDT (Cryptocurrency) via platforms like Binance, MetaMask, and Bitget.
The arrested syndicate members include Mohd Wasim and Toseen (primary account procurers), Sabir, Furqan, and Sahibe Alam (handled crypto conversions and commission channelling), and Javed (managed the SMS Forwarder APKs for OTP bypass), Raza Qadri (major distributor linked to 200+ NCRP accounts and the China-based “Apay-JS” channel) and Noor Md (facilitator linked to 81 specific complaints).
The investigation of FIR No. 489/25 (PS Pandav Nagar) remains active. While the domestic arm of the syndicate has been dismantled, the police are now working with specialized agencies to track the international crypto-wallet IDs and identify more victims across the country. (ANI)