Thieves Used Stolen Credit Cards To Rack Up Cash In Free-To-Play Games

A few years ago, I was on someone's podcast and he told me that he bought currency for some game from a third party. "Why not?" he said, insisting that he had the cash, but not the time, and it wasn't really hurting anyone except maybe that greedy game developer.

Putting aside in-game concerns, such as violating the EULA and "stealing" from the devs, there are plenty of other reasons why you shouldn't do this. Getting your credit card info stolen from a shady gold seller is the obvious one, but even if you think you're safe, you might still be contributing to a vast web of illicit financial transactions.

Various websites are reporting the past few days on how certain unscrupulous parties have been using free-to-play games on iOS devices to profit and, in some cases, launder money from other illicit activities. It was all pretty simple, when you get down to it:

With the account creation process automated, the malicious actors then took the process further, automatically changing cards until a valid one is found, automatically buying games and resources, automatically posting the games and resources for sale, working with a digital wallet for order processing, and managing multiple Apple devices to distribute the load. The end result, an automated money laundering tool for credit card thieves.

While the activity seemed to be limited to just three mobile games -- Clash of Clans, Clash Royale, and Marvel Contest of Champions -- and is related to Apple's "lax credit card verification process," it's something to keep in mind any time you are tempted by "FREE VBUCKS" or some other so-obvious-it-has-to-be-a-scam offer online or any sale of in-game goods or accounts from someone other than the developer.

You can read the full breakdown from Kromtech Security here.