The Black Market of Indian Bank Account Laundering on Telegram: A Detailed Analysis (Axis Neo and Other Networks)

GURU CYBER YODHA

Intelligence and in-depth analysis have exposed a highly organized and illegal financial ecosystem operating on Telegram. The investigation reveals that "China-based companies" and "direct syndicates" are running massive campaigns to recruit Indian bank account holders as 'Money Mules'. This deepening network is primarily misusing the Indian banking framework to launder funds linked to illegal "gaming funds," "stock market funds," and "political corruption." The demand for corporate accounts like 'Axis Neo' and 'HDFC Domain ID' is highest among them, as these allow high-limit transactions and conceal the illegal flow of money through complex banking systems.



Market Analysis & Incentives

This syndicate traps people by luring them not only with commissions but also with hefty financial rewards. Analysis shows that this black market moves 5-10 crore rupees in daily transactions and operates a massive 'Parking Fund' of 1,187 crore rupees.

| Fund Type | Commission Rate |
| --- | --- |
| Retail/Payin | 3-4.5% |
| Stock/Payout | 4-6% (up to 15% in some claims) |
| Political Funds | 8-22% |
| RTGS Fund | 10-18% |

Unrealistic and High-Value Rewards:

● USDT Exchange Rate: These networks promise an excessive exchange rate of 110-120 INR per USDT against the market rate (85-90 INR).

● Lucrative Bonuses: Lures like a fixed bonus of up to 12,000U (USDT) for specific corporate accounts, a cash advance of 3,50,000 INR, and iPhone 17 Pro Max (unrealistic future rewards) are offered.

● Security Deposit: A deposit ranging from 150 USDT to 5000 USDT is taken from account holders for 'OTP work', which often becomes the primary means of fraud.

Modus Operandi: The Syndicate's Methodology

These syndicates use sophisticated technical and physical tactics to keep their activities secure:

● Face-to-Face (F2F) Operations: The syndicate calls account holders to metropolitan cities like Mumbai, Delhi, Bangalore, and Kolkata. Their airfare, luxurious hotel, and food expenses are borne by the company so that direct control over the account holder's banking device can be gained.

● Hierarchical Control: Roles like "Uploader/Approver" are fixed for accounts like SBI CMP, so that multiple layers of security can be added to the fund transfer process.

● Technical Tools and Access:

    ○ Custom APKs: Use of special Android apps for remote control of accounts and automatic reading of OTPs.

    ○ MQR and VPA: Use of 'Merchant QR' and 'Virtual Payment Address' to receive large amounts of UPI payments.

    ○ Checker Maker: Use of two-step control (one person creates the transaction, another approves) in corporate accounts like HDFC to speed up laundering.

    ○ Snorkel Token: This is a specific authentication tool demanded by these syndicates to secure access.

Targeted Banking Institutions

These companies prioritize banks that offer high transaction limits and complex corporate management systems. Groups like U8pay and Dragon Pay specifically demand the following accounts:

● Axis Bank: Huge demand for Neo Corporate and Paypro (2ID) accounts.

● SBI: CMP (Cash Management Product) with access from 3ID to 6ID.

● HDFC Bank: Corporate accounts with Domain ID and Checker Maker system.

● Other Corporate Institutions: IndusInd, Kotak (CMS), AU Small Finance, and Yes Bank (MSME/Corporate).

● Regional Networks: Rural banks like KGB and KAGB are used for small transactions and to blur money rails.

Key Entities and Networks

This is not a scattered network, but coordinated companies running on Telegram:

● Major Players: U8pay, Dragon Pay, and TENCENTPAY GROUP.

● Key Operators: PESOPAY (Zack Pay), DAS PAY, and Zzpay.

● Allied Networks: INRUPE, BroPay, PayX, ChageePay, and RsPay (DFPAY). All these entities use the same methodology and communication style, which points to a unified global structure.

Indicators of Compromise (IOCs)

For security awareness, it is necessary to monitor the following blacklisted Telegram handles and contact details:

Telegram Handles (Categorized by Company):

● U8 Group: @chagee6888, @U8_pay_89, @U8_payjames

● Peso/Zack Pay: @PESOPAYX, @Zackpay0, @PESOPAYXX

● Dragon/Tencent: @Dragon_payu, @SHENTENCENT, @TencentPayRmb

● Other Suspicious: @INRUPExl, @BroPay_000001, @Zzpay0226, @Neothpay

WhatsApp Numbers:

● +8525xxxx487 (Hong Kong based)

● +91635xxxx920 (Indian recruiter)

● +14254xxx24 (PESOPAY/Zack Pay contact)

Suspicious Domains and Links:

● alvo.chat (Link used for tracking and phishing)

● tatapay-web.com and trizo.app (Illegal registration links)
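
The following is an added example, not part of the original report: a small Python scanner that a fraud or abuse-desk team could run over reported messages to flag the handles and domains listed above, plus the above-market USDT rate lure described earlier. The function name, regular expressions and sample messages are assumptions constructed for illustration; only the indicator values and the rate figures come from this page.

```python
import re

# Indicators copied from the IOC lists on this page (lower-cased for matching).
HANDLES = {h.lower() for h in (
    "chagee6888", "U8_pay_89", "U8_payjames", "PESOPAYX", "Zackpay0",
    "PESOPAYXX", "Dragon_payu", "SHENTENCENT", "TencentPayRmb",
    "INRUPExl", "BroPay_000001", "Zzpay0226", "Neothpay")}
DOMAINS = {"alvo.chat", "tatapay-web.com", "trizo.app"}
MARKET_RATE_MAX = 90  # INR per USDT, upper end of the market range cited above

HANDLE_RE = re.compile(r"(?:@|t\.me/|telegram\.me/)([A-Za-z0-9_]{5,32})", re.I)
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
RATE_RE = re.compile(
    r"\b(\d{2,3})(?:\s*-\s*(\d{2,3}))?\s*(?:INR|Rs\.?)?\s*(?:per|/)\s*(?:USDT|U)\b", re.I)

SAMPLES = [  # constructed messages for the demo, not real captures
    "Need Axis Neo corporate account, DM @U8_pay_89 today",
    "Register here hxxps://pay.trizo[.]app/join and get 110-120 INR per USDT",
    "Contact https://t.me/Zackpay0 for payout work",
    "Bank notice: today's rate is 88 INR per USDT, see eviltrizo.app",
]

def scan(text):
    """Return a sorted list of (kind, value) findings for one message."""
    # Undo common defanging so indicators shared in reports still match.
    norm = text.replace("[.]", ".").replace("hxxp", "http")
    hits = set()
    for m in HANDLE_RE.finditer(norm):
        if m.group(1).lower() in HANDLES:  # exact handle match, no prefix matching
            hits.add(("handle", "@" + m.group(1).lower()))
    for m in HOST_RE.finditer(norm):
        host = m.group(1).lower()
        for d in DOMAINS:
            # Match the domain itself or a true subdomain, not look-alike suffixes.
            if host == d or host.endswith("." + d):
                hits.add(("domain", d))
    for m in RATE_RE.finditer(norm):
        low = min(int(g) for g in m.groups() if g)
        if low > MARKET_RATE_MAX:  # advertised rate entirely above the market range
            hits.add(("rate_lure", m.group(0).strip()))
    return sorted(hits)

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan(msg), "<-", msg)
```
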

Mandatory Advisory

Caution: Acting as a Money Mule or renting out your bank account for illegal transactions is a serious crime. This activity is punishable under the Money Laundering and Terrorism Financing Laws (PMLA). If caught, not only will your bank account be frozen, but you may also have to face heavy fines and harsh imprisonment.
