informa
2 min read
article

Credit card thieves reportedly using Clash of Clans to launder money

Credit card thieves are allegedly using the mobile games Clash of Clans, Clash Royale and Marvel Contest of Champions to launder hundreds and thousands of dollars via account selling.

Credit card thieves are allegedly using the mobile games Clash of Clans, Clash Royale and Marvel Contest of Champions (developed by Supercell and Kabam, respectively) to launder hundreds and thousands of dollars. 

In the case of Clash of Clans and Clash Royale, players can spend real money for premium in-game currency like gold or gems. Players can take this premium currency and buy advantages, but the currency apparently also serves as an easy way to launder money. 

According to a report published by German cybersecurity firm Kromtech, the thieves used 20,000 stolen credit cards to make purchases in Clash of ClansClash Royale, and Marvel Contest of Champions by reselling accounts with those same purchases to third-party marketplaces and receiving money in exchange, with zero attachment to the stolen cards.

This laundering is possible because of the accessibility to automatically create accounts on a large scale. For example, Apple only requires a valid e-mail address, password, date of birth, and three security questions to create an Apple ID.  

E-mail accounts are easy to create. The thieves were reportedly able to automate the account creation process, allowing them to create accounts on a large scale, resulting in an automated money laundering tool for credit card thieves to use.

Kromtech’s investigation began with database-building software MongoDB. Poor configurations granted hackers access to data from tens of thousands of MongoDB databases. Kromtech became aware of these Clash of Clans thieves after analyzing samples from one database, which stored over a hundred thousand credit cards. 

"The tool we found and its users currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania," writes the report.

"We do not know if this was simply because the tool and Facebook page is new and this is just due to initial users, or if operating through these countries provides some kind of additional benefit to the thieves." 

Although there seem to be no immediate solutions, Kromtech urges developers and service providers to secure their account creation process from abuse by automated tools and police their policies when it comes to tracking and pursuing thieves. 

Latest Jobs

Treyarch

Playa Vista, California
6.20.22
Audio Engineer

Digital Extremes

London, Ontario, Canada
6.20.22
Communications Director

High Moon Studios

Carlsbad, California
6.20.22
Senior Producer

Build a Rocket Boy Games

Edinburgh, Scotland
6.20.22
Lead UI Programmer
More Jobs   

CONNECT WITH US

Register for a
Subscribe to
Follow us

Game Developer Account

Game Developer Newsletter

@gamedevdotcom

Register for a

Game Developer Account

Gain full access to resources (events, white paper, webinars, reports, etc)
Single sign-on to all Informa products

Register
Subscribe to

Game Developer Newsletter

Get daily Game Developer top stories every morning straight into your inbox

Subscribe
Follow us

@gamedevdotcom

Follow us @gamedevdotcom to stay up-to-date with the latest news & insider information about events & more