For anyone who has played many of the popular smartphone games will definitely agree, the need for in-game currency is essential. Most of the players are hooked upon the notion that in order to advance substantially in the game is to use or purchase their currency. Smartphone gamers often rely but get frustrated with the free games mechanism, making them wait for a long period of time to advance and unlock some of it’s features. With this in mind, players end up finding ways to progress into the game.
Now this is where the hackers come in. Popular mobile games such as Marvel’s Contest of Champions, Clash Of Clans, and Clash Royale – are just a few of the games being used by these cyber attackers to launder money. These games alone have over 200-300 million users, which translates to about US $300 million USD every year. The number of users and the amount of money they produce are more than enough reason for cyber criminals to step in and do their magic.
According to a recent report by experts from Kromtech, a German CyberSecurity Company, it was June when they first came across the money-laundering incident. It was when they examined an unsecured MongoDB database. This database was publicly available and accessible even without a password. The records on the database contain more than 20,000 credit card details and purchases ranging from April to late June 2018. Nonetheless, the experts were able to deduce that they are not just dealing with any company or business being all careless with their data. The entire database belongs to Carders (credit card thieves).
These thieves had just created a state of the art automated mechanism for generating fake Apple ID and Google Play accounts with the stolen credit card information and randomly buying the in-game virtual currencies, including power-ups, gems and other valuable game items. These virtual goodies can be sold online to other players on third-party markets and makeshift game stores. They maintain their value after purchase, that’s how they’re designed. The games themselves can be bought and transferred from one account to another. In other words, these criminals are making money by exchanging the credit card-bought items for actual money.
Due to these events, Game developers like Supercell, have already warned its users not to be fooled by these scams and to make sure they secure their personal accounts, especially their Apple and Google Play credentials. They’ve also stressed the consequences of providing their private information to third-parties, placing their games and personal details at risk. Any violation of their in-game policies will directly result to being banned permanently and their purchases forfeited.
Truth be told, there’s lots of things that we can do to prevent these kinds of cyber attacks via mobile games. Apple and Google could take additional steps to ensure that data from their users are more secure, especially during account creation. App stores and developers could also improve their policies to expose and fend off abusers. But honestly, if not for these criminals’ carelessness with their database, we probably wouldn’t have found out about this attack. Still, consider yourself informed.