According to a new report, popular smartphone games such as “Clash of Clans” are being used to launder hundreds of thousands of dollars on behalf of credit card thieves.
Researchers at Kromtech Security describe how they first came across the money-laundering ring in mid-June when they analysed an unsecured MongoDB database.
The database, which was freely accessible to the public without a password, contained thousands of credit card details. However, the researchers quickly surmised that they had not stumbled across an all-too-familiar story of a corporation being sloppy with its customer data, but rather a database belonging to credit card thieves (commonly known as carders).
And this particular gang were hoping to launder money stolen from these credit card accounts through mobile games.
As anyone who has played many of the most popular smartphone games will know, the demand for in-game currency is substantial. Many players are addicted to the notion of advancing in the game, or frustrated by a free game’s mechanics that force them to wait a long period of time for features to be unlocked. Inevitably this has resulted in some players trying to find unofficial shortcuts to make progress.
The security researchers realised that they were dealing with a carder gang who had created a sophisticated automated mechanism for creating fake Apple ID accounts with stolen card information, and then buying virtual “gold”, “gems”, and other in-game power-ups within games.
These virtual goodies would then be sold to other game players on third-party markets such as G2G. In short, the gang was receiving money in exchange for the game currency or power-ups, without any making any obvious link to the stolen credit card data.
In this particular instance, the fraudsters are said to have targeted popular games such as “Clash of Clans” and “Clash Royale”, as (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/hackers-automate-the-laundering-of-money-via-clash-of-clans/