A fun time-killer for some, popular mobile games like “Clash of Clans” are being used to launder stolen credit card money by tech-savvy thieves, according to a report from German cybersecurity company Kromtech.
In the report, initially noted on Gamasutra, it was found that over 20,000 stolen credit cards were used in games like “Clash of Clans,” “Clash Royale,” and “Marvel Contest of Champions.” The thieves can make purchases and then resell the accounts with the purchases to a third-party, wiping their hands of any connection to the stolen credit card information.
It’s a relatively easy process, as Apple IDs, which are required to make purchases on the App Store, only need a password, date of birth, some security questions, and then an email address— and a dummy email address is easy enough to make that its not really a hindrance. Especially for the thieves, who were reportedly automating the account making process, which in turn automated the money laundering process.
Kromtech traced the stolen data being used in “Clash of Clans” back to hacked MongoDB databases, one of which stored information of more than a hundred thousand credit cards.
“The tool we found and its users currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania,” the report states. “We do not know if this was simply because the tool and Facebook page is new and this is just due to initial users, or if operating through these countries provides some kind of additional benefit to the thieves.”
In the report, Kromtech is advising developers to secure the process by which users can make new accounts, to guard against those who might make an automated tool to generate mass accounts.