According to a new report by Trend Micro, cybercriminals are using online video game currencies for money laundering purposes. This kind of activity may seem unfitting, however, since gaming money is unregulated and it is legal to sell, this a convenient method for cybercriminals to launder money.
The research says PC is the most targeted platform, with Pokemon GO being the exception. Consoles are also serving as attack points, although, they are not as popular among hackers as personal computer games. Popular targeted video games include Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online, GTA 5, Madden NFL, NBA, Diablo.
“Although cybercriminal activities are illegal, the trade of online gaming currencies isn’t,” the report says. “Therefore, law enforcement cannot be compelled to shut down every website selling these currencies. Despite that, it is important for online gamers to know that such tactic is being used by cybercriminals today. Gamers must be made aware of the crucial role they have in cybercrime whenever they take part in the exchange of online gaming currencies. Denial of service attacks, identity theft, and financial fraud are just a few of the attacks that have been funded by the sale of online gaming currencies and have devastated companies and organizations of all sizes.”
The first part of the cybercriminal operation is the victimization phase. Hackers here acquire online currencies through different methods. The most popular one is stealing gamer accounts by using malware or different kinds of infostealers, or by using phishing links and emails to get the most desired login information. Cybercriminals can also obtain gaming money by exploiting game servers with methods including glitching, duping (duplicating items), gold farming or botting.
Now they have the virtual money, hackers need to advertise it in order to sell the currencies. Cybercriminals use methods, such as dedicated surface websites, legitimate website advertising, and social media postings. They can also put ads on dark net forums and marketplaces, however, hackers are selling mostly guides and stolen accounts there, instead of online gaming currencies.
The next move is the selling phase. It is detailed in the report:
“To make a successful sale, the people behind the websites selling online gaming currencies must assure their customers that transactions with them are safe and secure. Therefore, websites go out of their way to make their customer, the online gamer, feel confident in completing their purchases. To do this website authors make sure that their site is professionally designed, offers live chat support, and declares the use of encryption software for all transactions.”
“Once a buyer has confirmed his/her purchase the process in obtaining the gaming currency is very similar to the usual process of purchasing items in any online shopping website,” the report continues. “The process starts with the buyer logging in on the website, then selecting the amount and the type of currency he/she wishes to buy, and then confirming the sale by paying through various payment methods (credit card or online money transfers). After that, the buyer will simply have to wait for his/her purchase to be delivered.”
For online gamers, there is a risk involved. If the developer finds out the player bought currency for the game from such websites, it can result in the suspension or the ban of the player’s account. However, this does not stop gaming currency marketplaces, despite the aforementioned fact, these sites are becoming more and more popular.
After the transaction is completed cybercriminals have successfully acquired real world money. Their next move is to buy cryptocurrencies, such as bitcoin, to avoid detection. Most of the hackers use bitcoin blenders/mixers to clean their “dirty” money.
Cybercriminals then can use the obtained clean money to finance other operations.
“After all, the skills used in harvesting gaming currencies–glitching/hacking larger servers, running phishing campaigns, spreading infostealing malware–are all applicable to other traditional forms of cybercrime,” the report goes by. “Based on our observation, some of the cybercriminal pursuits that are fueled from the profit of the sale of online gaming currencies are as follows, but not limited to: DDoS services, infrastructure rental (for cybercrime purposes), spam campaigns (which can result in ransomware infection), identity theft/fraud, and many others.”