Security Market Segment LS
Friday, 03 August 2018 12:02

Stolen credit cards used to launder money through in-games purchases


Stolen credit cards are being used to buy in-game purchases online which are then sold for cash, the German-based international IT investment and development company Kromtech claims.

In a blog post, the company said the thieves were targeting three online games: two by the game maker Supercell – Clash of Clans and Clash Royale, and one by Kabam – Marvel Contest of Champions.

The three games had more than 250 million users who generated about US$330 million annually, and also had an active third-party market that used sites like to buy and sell resources and games. The scammers were operating through both the Apple App Store and the Google Play Store.

Kromtech said the prices asked for an in-game purchase like the 14000 Gems pack for Clash of Clans and Clash Royale ranged from US$94.38 in the Philippines to US$135.33 in Denmark.

Apple only asked for a valid email address, a password, a date of birth and three security questions to create an Apple ID and thus it was easy to create mass accounts, Kromtech said. The same applied to many of the larger email services.

"Apple does attempt to validate the credit card by charging and then refunding $1, interestingly, they must not perform much in the way of credit card verification because we saw that many were processed with an incorrect name and address," the Kromtech researchers wrote.

apple scam

"Perhaps verification is minimal due to the low dollar amount of the charge, but a stricter credit card verification would make it a bit more difficult for the carders."

Once they had automated the account process creation, the credit card thieves "took the process further, automatically changing cards until a valid one is found, automatically buying games and resources, automatically posting the games and resources for sale, working with a digital wallet for order processing, and managing multiple Apple devices to distribute the load".

Kromtech said it had drawn the following conclusions from its findings:

  • "The tool we found and its users currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania. We do not know if this was simply because the tool and Facebook page is new and this is just due to initial users, or if operating through these countries provides some kind of additional benefit to the thieves.
  • "Credit cards we found belong to 19 different banks. They were probably bought on the carder markets as they were in groups of round numbers, like 10k, 20k, 30k.
  • Apple appears to employ a lax credit card verification process. Cards with improper names and addresses were approved.
  • "The large-scale abuse of the creation and verification process of Apple ID is possible because the group uses jailbroken iPhones to distribute the load, along with generated and stolen data.
  • "Service providers need to meet today’s realities and properly secure their account creation process from abuse by automated tools.
  • "Apple and the email providers used did not do enough to protect against this kind of abuse.
  • "Game makers could do a better job of policing their policies along with tracking and pursuing abusers. Apple could do the same."

google play

Kromtech Security communications chief Bob Diachenko said:"If you have ever played a free-to-play game you know that most of them require resources of one type or another to play. Whether it be gems, gold, power ups, or other, these resources are required to advance within the game, making them critical to the game play. Manually gathering the free resources is a slow process and one can play a game for months working to move up levels.

"This is where the game makers make their money. They sell resources through 'In-App Purchases' to help people play the game and speed up the game play. The lure of speeding up your play is a strong incentive to spend money on resources, and many spend to play. This has turned free-to-play games into a multi-billion dollar industry.

"The resources even maintain value after purchase, because in many cases, once bought, they can be traded, adding to the game play. The game itself can also be transferred from one account to another. Because of this, resources gathered or bought and games built to advanced levels can also be resold. It is the selling of these on third party markets that holds the door open to the illicit activity that we found taking place."

Graphics: courtesy Kromtech

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Web Analytics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News