Open MongoDB Database Exposes Money Laundering Operation


Where money is involved, everything needs to be secured so that no one can spend other people's money for their own ends. This is especially true of credit cards. Recently, a new way scammers were making money was revealed. This time they targeted in-app purchases, and Supercell was a major victim. More precisely, the victims were not Supercell itself but its players.

The US Department of Justice, Apple and Supercell were warned of this activity. Taking advantage of poor Apple security configuration, scammers were laundering money with fake Apple accounts and gaming profiles. The source of the money was a good number of stolen credit/debit cards. There were even legitimate-looking sites for such actions!

The operation came into the spotlight in mid-June, when security researchers from Kromtech Security found an openly accessible MongoDB database. According to Bob Diachenko, this was not an ordinary database. It belonged to card thieves (aka carders). Moreover, it was a relatively young database, around a couple of months old.

Automated tools for buying in-game currencies

According to Diachenko, the culprits were using a special tool that would create iOS accounts with valid email accounts and then add the stolen payment card details to those accounts.

Then, another automated tool running on jailbroken iOS devices installed the games, created in-game accounts and purchased premium currencies/features. Later on, those accounts were put up for sale for real money.

According to the experts, crooks targeted games like Clash of Clans (Supercell), Clash Royale (Supercell) and Marvel Contest of Champions (Kabam). These games require purchasing in-game currency with real-world money for faster progress and upgrading all the troops, buildings, characters etc.

Over 150,000 cards in the database

The database contained plenty of data about the stolen cards. According to a report from Kromtech, it held details of 150,833 cards, including the full card number, CCV, and expiration date. The credit cards belonged to 19 different banks, according to Diachenko. He also mentioned that the cards may have been purchased from carder markets, as they were in groups of 10k, 20k, 30k and so on.

Blame all around for the situation

The blame goes all around. First of all, Supercell and the other affected parties were notified about the situation. In addition, Diachenko said that Apple lacked proper verification measures for adding payment card data to iOS accounts. That made the crooks' task easier.

The Kromtech experts also said that cards with improper names and addresses were added to the accounts very easily. Diachenko also blamed the games for not putting a proper layer of defense in place. The group was using a tool named “Racoonbot” to interact with Supercell games and automate the purchasing operations.

The full report is available here. Now that the game developers have been notified, the games are expected to take action against the illegitimate players and those game accounts.
