Taiwan’s National Police Agency has identified almost 100 cases where scam accounts for a particular mobile game were created using numbers associated with phones made by one Chinese white label manufacturer, reports the Taipei Times. The police say the malware forwards messages to fraudsters so they can complete the creation of accounts for a mobile game where users purchase points with money. The fraudsters then profit by obtaining cash refunds on behalf of users who were duped into buying points.
The agency said that it traced most of the numbers to low-tech cellphones owned by older people who had never downloaded or even heard of the game.
Investigators then traced the phones to a white-label cellphone factory in China, which they suspect loaded Trojan software onto the devices that were sold in Taiwan with Taiwanese branding, unbeknownst to telecoms.
The police are focusing their efforts on persuading the mobile game company to restrict the sale of points, and on raising consumer awareness. Pursuing the criminals behind the scam may prove futile if they lie outside of Taiwan’s jurisdiction.
Most of the game accounts were registered with foreign IP addresses, limiting investigators’ ability to trace them, the [National Police] agency said.
This hybrid scam illustrates how criminals make money by taking advantage of intersecting weaknesses in ways that are difficult to anticipate. In this instance, the scam would not work if the malware could not be installed, the criminals could not obtain cash from the mobile game provider, or users were not fooled into purchasing game points.