The online gaming economy is being abused by regular crooks and cyber-criminals to launder their ill-gotten funds or finance other criminal operations, reveals Trend Micro in a report released today.
These actions are facilitated by the fact that in-game currencies aren’t subjected to the same governance rules as virtual or fiat currencies, and regularly get ignored by law enforcement investigators.
Criminal groups spend a lot of time converting stolen goods into in-game currencies and then back into Bitcoin or fiat currencies.
Other groups put a similar amount of effort into hacking gamers or gaming companies and stealing game currency, which they then advertise on the Dark Web, on social media, or underground hacking forums.
Trend Micro says that PC-based games are the most targeted platforms, with Pokemon GO being the exception. Popular targeted games include Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online, GTA 5, Madden NFL, NBA, Diablo, and others.
In most cases, hackers use phishing to trick users into entering their credentials on fake login pages. The technique is very old but incredibly efficient, even today.
In other cases, attackers use gaming server vulnerabilities, or in-game glitches to assign huge amounts of in-game funds to their accounts, which they later sell online.
“Duping” (or duplication) is the most popular form of in-game glitch that produces large quantities of game items that hackers/crooks can then sell online. By repeating a glitch that duplicates items, hackers have an inexhaustible source of funds, until the gaming company fixes the bug.