In-game currencies can be the perfect method of financing criminal activities, with crooks taking minimal risks

Oct 11, 2016 13:45 GMT

The online gaming economy is being abused by regular crooks and cyber-criminals to launder their ill-gotten funds or finance other criminal operations, reveals Trend Micro in a report released today.

These actions are facilitated by the fact that in-game currencies aren't subjected to the same governance rules as virtual or fiat currencies, and regularly get ignored by law enforcement investigators.

PC-based gaming platforms are the most targeted

Criminal groups spend a lot of time converting stolen goods into in-game currencies and then back into Bitcoin or fiat currencies.

Other groups put a similar amount of effort into hacking gamers or gaming companies and stealing game currency, which they then advertise on the Dark Web, on social media, or underground hacking forums.

Trend Micro says that PC-based games are the most targeted platforms, with Pokemon GO being the exception. Popular targeted games include Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online, GTA 5, Madden NFL, NBA, Diablo, and others.

Crooks use phishing, malware, botting, and gold farming

In most cases, hackers use phishing to trick users into entering their credentials on fake login pages. The technique is very old but incredibly efficient, even today.

In other cases, attackers use gaming server vulnerabilities or in-game glitches to assign huge amounts of in-game funds to their accounts, which they later sell online.

"Duping" (or duplication) is the most popular form of in-game glitch that produces large quantities of game items that hackers/crooks can then sell online. By repeating a glitch that duplicates items, hackers have an inexhaustible source of funds, until the gaming company fixes the bug.

How crooks utilize stolen gaming currency

Other techniques involve gold farming or botting. Gold farming is a repetitive action, performed by a human with the purpose of generating "gold" or any other in-game perk.

"Gold farming had long been a valid business practice in Asia and had been a service wealthy gamers commonly purchase," Trend Micro writes in its report, shared with Softpedia.

"In 2005, an estimated 100,000 Chinese gamers were employed, by gamers from other countries, as full-time gold farmers for popular RPGs (role-playing games)," Trend Micro also adds. "In May 2011, the Guardian reported that Chinese prisoners were forced to farm for items and currency that were then sold to online gamers. Afterward, the proceeds went directly to the prison."

Botting, on the other hand, is the same behavior carried out by automated scripts that perform all the actions humans perform in "gold farming."

Malware remains the biggest danger

Nevertheless, malware such as password dumpers and infostealers remains the hackers' personal favorite toolkit. This approach has several advantages because the malware steals all sorts of login credentials, not just for popular gaming platforms.

Hackers who sell gaming credentials collected using malware often sell other types of credentials as well. Below is a list of the most popular malware families capable of stealing gaming-related credentials.

Malware family: Targeted games/platforms
- FRETHOG, TATERF (worm version of FRETHOG): Rainbow Island, Cabal Online, A Chinese Odyssey, Hao Fang Battle Net, Lineage, Gamania, MapleStory, qqgame, Legend of Mir, World of Warcraft
- STIMILIK/STEAMILIK (aka ESKIMO, SteamStealer), STIMILINI/STIMILINA: Steam
- WINNTI: Targets gaming companies
- LEGMIR: Legend of Mir, World of Warcraft, QQ Game
- ONLINEG (generic family name), LOLYDA, HELPUD, DOZMOT: Steals passwords from various online games
- ENTEROK: Korean PC games and mobile online games, e.g. Elsword, MapleStory, WINBARAM, World of Warcraft, games from Nexon and/or Hangame
- TARCLOIN: Presents itself as game launcher of The Sims 3 and Assassin’s Creed III but installs Bitcoin miner
- ZUTEN: MapleStory, ZhengTu, Perfect World, Legend of Mir, Ruler of the Land, Rainbow Island, Eudemons Online, Fantasy Westward Journey
- URELAS: Monitors card games related applications
- USTEAL: World of Tanks, Dota2, and Steam applications
- KUOOG: Aion, World of Warcraft, Call of Duty, StarCraft 2, Diablo, Fallout 3, Minecraft, Half-Life 2, Dragon Age: Origins, The Elder Scrolls, Star Wars: The Knights Of The Old Republic, WarCraft 3, F.E.A.R, Saints Row 2, Metro 2033, Assassin’s Creed, S.T.A.L.K.E.R., Resident Evil 4, Bioshock 2, and specifically Skyrim related files
- CRYPTLOCK: Games: World of Warcraft, Day Z, League of Legends, World of Tanks, Metin2; Company Specific Files: Various EA Sports games, Various Valve games, Various Bethesda games; Gaming Software: Steam; Game Development Software: RPG Maker, Unity3D, Unreal Engine

The purpose of stealing login credentials using these malware families is to access gamers' accounts and transfer their in-game coins or items. The hacker initially sells the player's coins or inventory items, and then sells access to the account itself, increasing his income.

Trend Micro says that two-factor authentication has mitigated some of the risks associated with gaming account takeover attacks.

Many famous hacking groups started out by hacking gamers

Many legitimate black hats consider peddling gaming accounts a skid-level activity, but many famous hacking outfits started out by hacking gaming accounts and selling in-game currencies.

The most famous one is Saudi group OurMine, but LizardSquad and Team Poison members have engaged in similar practices. OurMine is the most notorious of these groups, having become famous in gaming circles for regularly offering free in-game currency on its Twitter account.

Because law enforcement agencies tend to ignore this sector, focusing their efforts on money laundering operations that involve fiat currencies, and most recently Bitcoin, criminals can leverage these types of virtual currencies to move funds and monetize criminal activities while taking minimal risks.

Instagram account selling stolen gaming currency and items