Wednesday, July 18, 2018

News You Can Use: How To Launder Money Via Mobile Gaming

Criminals are so creative.
From Bleeping Computer:

Open MongoDB Database Exposes Mobile Games Money Laundering Operation 
The US Department of Justice, Apple, and game maker Supercell, have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit cards and then sells these game premiums on online sites for the group's profit.
This operation came to light in mid-June when security researchers from Kromtech Security came across a MongoDB database that had been left exposed online without authentication.

"As we examined the database we rapidly became aware that this was not your ordinary corporate database," said Kromtech researcher Bob Diachenko.
"This database appeared to belong to credit card thieves (commonly known as carders) and that it was relatively new, only a few months old," he added.

Group was using automated tools to buy game premiums
Diachenko says the group was using a special tool to create iOS accounts using valid emails accounts, then was adding a stolen payment card's details to one of these new iOS accounts.
The group then ran another automated tool on jailbroken iOS devices to install various games, create in-game accounts, and purchase game features or premiums that they later re-sold online for real money.

The expert says crooks targeted mobile games such as Supercell's Clash of Clans, Supercel's Clash Royale, and one game by Kabam named Marvel Contest of Champions....MUCH MORE
Here's a handy schematic:

https://www.bleepstatic.com/content/posts/2018/07/17/MongoDB-money-laundering.png