Carding cashout scheme exposed due to malconfigured MongoDB database

World's news about us.
Posts: 74
Joined: Mon Jul 16, 2018 6:07 am
Been thanked: 19 times

Carding cashout scheme exposed due to malconfigured MongoDB database

Post by flux » Fri Jul 20, 2018 2:31 am

CISSP-specialists regularly find poorly configured MongoDB instances on the Internet, which frequently lead to data leaks. But this time, an unprotected MongoDB database found by experts helped to identify a large-scale carder campaign for money laundering.

Representatives of the US Department of Justice, Apple engineers and game developers from Supercell have notified users about the detection of a major campaign for money laundering. Attackers used fake Apple accounts and game profiles to make transactions using stolen bank cards. Criminals bought different currencies and tools in games, and then resold them through the Internet, returning to themselves "clean" money.

The campaign was accidentally discovered by analysts of Kromtech Security. In June 2018, experts found an unprotected MongoDB database (available without authentication) on the clearnet, the contents of which turned out to be extremely interesting.

"As we examined the database we rapidly became aware that this was not your ordinary corporate database, this database appeared to belong to credit card thieves (commonly known as carders) and that it was relatively new, only a few months old." - says Bob Diachenko, a specialist at Kromtech Security, on the company's blog.

Thus, the database contained data on 150,833 bank cards of 19 different banks, including their full numbers, CCV and expiration date. According to Dyachenko, the criminals were most likely bought information about the cards in bulk, on the black market. The fact is that the data in the database were grouped in equal portions of 10, 20, 30 thousand pieces.

The expert writes that the carder group focused on the Apple App Store, although researchers have also discovered some of the workings of carders for the Google Play Store. The group used a special automated tool to create iOS-accounts associated with valid mailboxes. Afterwards, stolen bank cards were tied to new iOS-accounts. Another automated solution was used by attackers to install various games on jailbreaked iOS devices, create in-game accounts and then purchase various premium features in these games.

According to researchers, for this purpose, criminals used Clash of Clans and Clash Royale games created by Supercell, as well as the game of Marvel Contest of Champions, owned by Kabam.

Following the information found in the above-mentioned MongoDB database, carder's automatic tools were configured to create accounts simulating live users from Saudi Arabia, India, Indonesia, Kuwait and Mauritania.

Kromtech Security experts reported not only to law enforcement agencies and game developers, but also Apple representatives about their unexpected finding. The fact that the attackers abused almost complete lack of control measures when binding to iOS-account bank cards. Experts criticize Apple for the fact that even maps with incorrect addresses and names were easily verified and could be used by criminals.

Also, game developers were criticized by specialists. The fact is that their applications actually do not have protection from automated tools, like Racoonbot, which carders used, and they easily buy up bonus functions in games, without causing anybody any suspicion.

• Source: ... al-laundry

User avatar
New user
New user
Posts: 5
Joined: Thu Mar 14, 2019 3:24 am

Post by HarryPorco » Thu Mar 14, 2019 3:59 am

???e o Kiko?

User avatar
New user
New user
Posts: 12
Joined: Tue Apr 09, 2019 8:47 am
Been thanked: 2 times

Post by Padhiarsaab » Wed Apr 10, 2019 11:21 am

This was just a simple method there are many methods which we can use