Credit card thieves are allegedly using games like Clash of Clans, Clash Royale and Marvel Contest of Champions to launder money, according to a report.
German cybersecurity firm Kromtech claims that the thieves used roughly 20,000 stolen credit cards from late April 2018 to mind June 2018 to clean up the cash.
Those involved would create accounts in the aforementioned games and make purchases using the stolen credit cards and these accounts would then be sold on third-party markets. The money received would then have zero attachment to the stolen cards.
Regarding Clash of Clans and Clash Royale, players spend real money for premium in-game currency like gold or gems. While intended to be used for in-game advantages the currency has proven apt for money laundering.
Another factor that has led to laundering on this scale is the accessibility to create accounts on a large scale automatically. In the case of the iOS App Store, all that is needed to create an Apple ID is a valid e-mail address, password, date of birth and three security questions.
E-mail accounts were reportedly equally easy to create, with the thieves able to automate account creation on a similarly large scale. This resulted in an automated money laundering tool for credit card thieves to use.
While no immediate solutions are forthcoming, Kromtech has advised developers and service providers to protect the account creation process from misuse by using automated tools and by policing policies regarding tracking and pursuing thieves.
"Money laundering through the Apple AppStore or Google Play isn’t a new idea and has been done before,” said Kromtech communications director Alexander Kernishniuk.
“In 2011 the Danish part of the Apple App Store was flooded with expensive suspicious applications. More than 20 out of 25 of the most downloaded applications were from China.
“The price of the apps ranged from $50-$100. For example, one of them ‘LettersTeach’, was intended for children who are learning English letters, yet it cost nearly $78.
“This pointed to money laundering then, however, what we encountered now is much more sophisticated.”
A copy of Kromtech’s investigation has been sent to the Department of Justice.