Crooks are increasingly turning to Monero over Bitcoin, according to a new study on the economics of cybercrime.

"Platforms like Monero are designed to be truly anonymous, and tumbler services like CoinJoin can [further] obscure transaction origins," said Dr Mike McGuire, senior lecturer in criminology at Surrey University and author of the study.

Many cybercriminals are using virtual currency to convert the illegal proceeds of crime into hard cash and assets. Digital payment systems are used to help hide the money trail.

Law enforcement agencies are monitoring Bitcoin transactions, causing many miscreants to look for alternatives. Connecting transactions to individuals is possible in the case of up to 60 percent of Bitcoin payments because details can leak during web transactions – typically via trackers or cookies.

McGuire told El Reg that the switch to Monero was only partly driven by the growing incidence of cryptojacking attacks, which have come to rival ransomware in prevalence if not impact.

"Cryptojacking is gaining popularity simply because it is more low-key and covert than simply saying 'give me your money' as you might with a ransomware attack," McGuire said. "Whether deploying cryptojacking as a technique, or using less recognised virtual currencies like Monero, hackers are getting better and better at disguising what they are doing, and this goes far beyond what law enforcement can keep up with at present."

Covert data collection in online forums, alongside interviews with experts and cybercriminals by Dr McGuire, also revealed that an estimated 10 percent of cybercriminals are using PayPal to launder money. A further 35 percent use other digital payment systems, including Skrill, Dwolla, Zoom, and mobile payment systems like M-Pesa.

Methods like "micro laundering", where thousands of small electronic payments are made through platforms like PayPal, are increasingly common and more difficult to detect. Another common technique is to use online transactions – via sites like eBay – to facilitate laundering.

Playing PayPal

Crooks are circumventing PayPal and eBay's anti-fraud controls, even though both are "getting better at picking up laundering techniques", according to Dr McGuire.

"Many of the caught cybercriminals I interviewed indicated an awareness that they should start moving away from this method," he said. "But there are still ways you can get around them. Social engineering and 'gaming' laundering offers one kind of approach. There are several methods such as manipulating transactions.

"Keeping transactions low, say $10-12, makes laundering almost impossible to spot, as they look like ordinary transactions. It would be impossible to investigate every transaction of this size. By making repeated small payments, or limited transactions, your profile begins to gain the 'trust' of controls systems, which makes it even harder to detect laundering as payments are less likely to be flagged."

Botnets can be used to make thousands of these transactions and increase your trust rating.

"I have also seen evidence of multi-stage laundering, where criminals will make payments through websites like Airbnb which look completely legitimate. Cybercriminals are also gaining access or control of legitimate PayPal accounts by phishing emails. I also saw it was easy to buy stolen credentials from online forums to gain access to hundreds of PayPal accounts which can then be used to launder payments."

McGuire said cybercriminals are also working with the fraud controls in order to manipulate them: they apply to go beyond current annual payment limits, then provide false or hacked documentation to support the checks which permit larger payments.

El Reg ran these aspects of the research past eBay and PayPal with a request for comment. We'll update this story as and when we hear more.

There's gold in them thar games

Cybercriminals elsewhere are active in converting stolen income into video game currency or in-game items like gold, which are then converted into Bitcoin or other electronic formats. Games such as Minecraft, FIFA, World of Warcraft, Final Fantasy and GTA 5 are among the most popular options because they allow covert interactions with other players to facilitate the trade of currency and goods.

"Gaming currencies and items that can be easily converted and moved across borders offer an attractive prospect to cybercriminals," Dr McGuire told The Register. "This trend appears to be particularly prevalent in countries like South Korea and China – with South Korean police arresting a gang transferring $38m laundered in Korean games back to China.

"The advice on how to do this is readily available online and explains how cybercriminals can launder proceeds through both in-game currencies and goods."

The findings come from a nine-month study into the macroeconomics of cybercrime, sponsored by infosec vendor Bromium. Into the Web of Profit draws together research gathered from first-hand interviews with convicted cybercriminals, data from international law enforcement agencies and financial institutions, as well as covert observations conducted across the dark web.

"The growing use of digital payment systems by cybercriminals is creating significant problems for the global financial system," Dr McGuire commented. "Revenues that previously would have flowed within proven and well-established banking systems and could be traced are now outside of its jurisdiction. Digital payment systems are most effective when combined with other digital resources, like virtual currencies and online banking. This hides the money trail and confuses law enforcement and financial regulators."

The full results of the study are due to be released at the RSA Conference in San Francisco on 20 April. ®