Money laundering is a criminal activity that is now commonplace. Corrupt politicians, businessmen or scammers appear every day on television as money launderers. Money laundering consists of making funds or assets obtained through illicit activities legal. But surely you’ve never thought that these scammers can use mobile games or apps to launder money.
In a recent article on Kromtech’s webpage, the cybersecurity company has revealed that cybercriminals are using apps and mobile games, such as Clash Royale, to launder money from their illegal operations with stolen credit cards.
As Bob Diachenko , head of communications and security at Kromtech, says, most free games have inside resources that are essential to progress in the game. For example gold, gems, or special attacks. These resources can usually be obtained via farming. Which means it’s not really necessary to buy such resources with real money. However, collecting these materials without paying is a slow process. Sometimes it can even take months to complete it.
This is where developers try to grab their benefit. What they do, is give an alternative to the players, who can buy these resources by spending real money. It usually works with packs. Each pack includes certain resources that can be bought for a price. Also, players can exchange their accounts. Meaning you can resell accounts that own many materials or have reached high levels. Here is where cybercriminals launder their money.
Credit card thieves mostly use three games: two created by Supercell , Clash of Clans and Clash Royale ; and one by Kabam, MARVEL Battle of Superheroes. These three games involve more than 250 million users. This generates a profit of approximately 330 million dollars. How do they do the fraud? The truth is that to access these games you only need an e-mail account. The games are usually linked to that account, so when we install the game on a different device, the game loads automatically.
In most cases, to create an email account, we only need to give very basic information, such as a password, a name and a date of birth. Scammers automate this process, which allows them to create false accounts on a large scale. With the automated account creation process, cybercriminals automatically test credit card numbers until they find a valid one. When they find it, they use it to buy game resources. The next step is to put on sale either such resources or the whole account.
When a real player wants to buy the account or resources, the illegal money becomes nice and clean. Let’s take an example: imagine that the game allows you to buy 1,000 gems at the cost of 20 euros. The scammers sell the same number of gems for 10 euros. Therefore, if a scammer buys 20 euros of resources with a fake email, he sells that account for 10 euros that will be legal. According to Kromtech’s estimate, one of these illegal programs processes approximately 20,000 cards in just a month and a half. If you calculate how many resource packs a single card can buy, you will have an idea of how profitable mobile games can be.