A new report by Kromtech Security researchers reveals that credit card thieves are laundering hundreds of thousands of dollars by using popular mobile games like “Clash of Clans.”
The researchers first discovered this money –laundering ring back in June of this year while analyzing an unsecured MongoDB database.
The database itself was freely accessible to members of the general public without the utilization of any password even though it contains the credit card information of thousands of individuals. These researchers realized very soon they had NOT uncovered a corporation that was being shoddy with the data of its customers; it was actually a database that belonged to “carders” which is a popular term for credit card thieves.
This particular gang of carders essentially hoped to launder funds they had stolen from credit card accounts via smartphone games.
Lots of mobile game players are “obsessed” with advancing in their games or have otherwise been frustrated by the mechanics of a game that forces them to wait over extensive periods of time before certain features of that game can be unlocked. This, more often than not, results in a number of players attempting to find ways to progress in their games—even if it means spending their hard-earned money.
Kromtech researchers discovered that a gang of carders had designed a complex automated mechanism uses the credit card info they’ve stolen to purchase phony Apple ID accounts and virtual in-game power-ups like gems and gold. They then sell the virtual power-ups to other players on 3rd party platforms like G2G. The defrauders were swapping funds for in-game power-ups and currencies without linking them to the stolen credit card info.
In this specific occurrence, the gang targeted renowned mobile games like “Clash Royale,” “Marvel Contest of Champions,” and “Clash of Clans.” Those three mobile games generate around $330 million in yearly revenue from more than 250 million players.
These fraudsters essentially left their credit card info exposed on the web, however, which was how Kromtech was able to uncover their scam.
Thoughts anyone? Comment below.
