Cybercrooks are buying and selling in-game currency from mobile games such as Clash of Clans to launder money from stolen credit cards, according to security firm Kromtech Security
Kromtech says that last month it found a "strange database" exposed to the public internet with a cache of credit card numbers and personal information inside.
"As we examined the database we rapidly became aware that this was not your ordinary corporate database, this database appeared to belong to credit card thieves," says the firm in a blog.
Following a trail, Kromtech researchers found that the crooks were creating fake Apple ID accounts and then using the stolen cards to buy virtual goods on three games - Clash of Clans, Clash Royale, and Marvel Contest of Champions. They then sold what they'd bought on third party sites.
Between them, the three targeted games have more than 250 million users, generating around $330 million a year. They also have very active third party markets, notes Kromtech, "all of which makes these a good choice to blend in for a little money laundering".