A report by German cyber security firm Kromtech says that credit card thieves are laundering money through Clash of Clans and other mobile games.
Money laundering and mobile games. Who would have thought that you would read the two terms in the same sentence? But as it turns out, criminals have been laundering money through Clash of Clans and other mobile games.
In its report, German cyber security firm Kromtech found that the scammers were using only three games for laundering money: Clash of Clans, Clash Royale, and Marvel Contest of Champions. The first two of the three belong to Supercell.
How do they do it?
The whole process is a bit complex and technical. But basically, Kromtech investigated a database running MongoDB, a popular NoSQL database, whose poor configuration made it easier for credit card thieves to gain access to it.
They said, “In June 2018 we have spotted a strange database publicly exposed to the public internet (no password / login required) along with a large number of credit card numbers and personal information inside.
As we examined the database we rapidly became aware that this was not your ordinary corporate database, this database appeared to belong to credit card thieves (commonly known as carders) and that it was relatively new, only a few months old. So we dug much deeper.”
They found these to be “malicious actors” who were using an automated system of free-to-play games, third-party account resale websites, and Facebook to launder money.
The scammers created fake email IDs for verification, which were used to create fake accounts on Supercell and Apple ID. These accounts were then loaded with the above-mentioned games. The games were then loaded with in-game currency, which was bought with the stolen credit cards. The accounts were later put up for sale on third-party websites. If you are interested in the technical details, here is the report.
“With the account creation process automated, the malicious actors then took the process further, automatically changing cards until a valid one is found, automatically buying games and resources, automatically posting the games and resources for sale, working with a digital wallet for order processing, and managing multiple Apple devices to distribute the load.”
We have reached out to Supercell for their comments. We will update the article once they contact us.