How Dark Apps Launder Money Through Phone and Electricity Top‑Ups
The article analyzes a hidden money‑laundering ecosystem where shady mobile apps use phone‑bill and electricity‑bill recharge interfaces, various QR‑code transfers, and intermediary shops to disguise illicit funds, detailing the process, payment methods, server traces, and the challenges of dismantling the network.
Background and Discovery
The author encountered a forum post about an app claiming to grant VIP status via recharge. Further investigation revealed that many porn‑related or otherwise illicit apps employ phone‑bill and electricity‑bill recharge interfaces as a novel money‑laundering channel, a practice previously unseen by the author.
Industry Chain Process
An unaware user (User A) discovers discounted recharge services through small online shops, public accounts, or a direct reseller. After payment, the funds do not arrive instantly; they pass through multiple intermediaries before reaching a black‑market account. The entire flow is highly concealed, making tracking difficult.
Money‑Laundering Types
Electricity Recharge: Typically involves larger amounts (200 CNY and above). The recharge target is an electricity account and user name, often belonging to individuals with high consumption or small factories. Example accounts show balances of tens of thousands of yuan.
Phone Recharge: The most common method, with flexible limits ranging from small amounts (30‑50 CNY) to large top‑ups (400‑500 CNY). Because the success rate is higher, larger sums are often laundered this way.
Alipay QR Transfer: Uses personal collection codes and merchant product codes. Victims scan a QR code, enter the payee’s name, and transfer money, often for “run‑off” (跑分) activities.
WeChat Red Packet Transfer: After adding the fraudster as a friend, the victim receives a payment order code and is asked to send a red packet of the specified amount. This method often involves multiple unverified corporate accounts, increasing the number of money‑hand‑offs.
Server Tracing and Technical Indicators
Simple API calls reveal the backend services used by the malicious app. The following endpoints were identified:
https://api.jt*****wa.com/m_sns/video/apply_play_permission
https://api.jt*****wa.com/m_game/game_list?game_ids=%5B%5D
https://api.jt*****wa.com/m_sns/posts?post_type=recommend
Additional third‑party live‑streaming APIs were also observed, indicating a broader ecosystem of content delivery and user interaction.
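Because the host in these endpoints is redacted and backends of this kind can change domain, a defender can match on the request paths instead. The following is an added example, not code from the original article: it scans proxy log lines and flags any host that serves at least two of the listed paths. The log format (timestamp, client, URL), the sample lines, the host names and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Path indicators taken from the endpoints listed above (host is not used).
# Value: None = path alone; (key, None) = key must be present; (key, v) = key must equal v.
INDICATORS = {
    "/m_sns/video/apply_play_permission": None,
    "/m_game/game_list": ("game_ids", None),
    "/m_sns/posts": ("post_type", "recommend"),
}

# Constructed sample proxy log: "<timestamp> <client-ip> <url>" (assumed format).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 https://api.app-backend.example/m_sns/video/apply_play_permission",
    "2024-01-01T10:00:02Z 10.0.0.5 https://api.app-backend.example/m_game/game_list?game_ids=%5B%5D",
    "2024-01-01T10:00:03Z 10.0.0.7 https://api.app-backend.example/m_sns/posts?post_type=recommend",
    "2024-01-01T10:01:00Z 10.0.0.9 https://forum.example/m_sns/posts?post_type=latest",
    "2024-01-01T10:02:00Z 10.0.0.9 https://games.example/m_game/game_list?game_ids=%5B1%5D",
    "malformed line",
]

def match_indicator(url):
    """Return the indicator path a URL matches, or None."""
    parts = urlsplit(url)
    if parts.path not in INDICATORS:
        return None
    need = INDICATORS[parts.path]
    if need is not None:
        key, value = need
        got = parse_qs(parts.query, keep_blank_values=True).get(key)
        if got is None or (value is not None and value not in got):
            return None
    return parts.path

def suspicious_hosts(log_lines, min_distinct=2):
    """Map host -> {indicator path: sorted client IPs} for hosts serving
    at least min_distinct different indicator paths."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:  # skip lines that do not fit the assumed format
            continue
        client, url = fields[1], fields[2]
        path = match_indicator(url)
        if path:
            seen[urlsplit(url).hostname][path].add(client)
    return {host: {p: sorted(c) for p, c in paths.items()}
            for host, paths in seen.items() if len(paths) >= min_distinct}
```

Requiring two or more distinct paths per host keeps a single generic path such as /m_sns/posts on an unrelated site from raising an alert on its own.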
Conclusion
The black‑gray money‑laundering chain is a persistent threat to cybersecurity, constantly evolving from manual cash withdrawals to sophisticated QR‑code and recharge‑based schemes. Detection is difficult because funds are repeatedly transferred through opaque intermediaries. Users are urged to avoid such services and consider installing official anti‑fraud applications.
Architect
Professional architect sharing high‑quality architecture insights. Topics include high‑availability, high‑performance, high‑stability architectures, big data, machine learning, Java, system and distributed architecture, AI, and practical large‑scale architecture case studies. Open to ideas‑driven architects who enjoy sharing and learning.
