Poker players targeted by card-watching malware

The security software company says Odlanor takes screenshots of the infected player’s virtual poker hand to allow the criminal to cheat during online games.

The scam was spotted by San Diego-based security experts at Eset and it affects people who have accounts on PokerStars and Full Tilt Poker.

The spyware is called Win32/Spy.Odlanor and players have unknowingly been infected by it while downloading apps or software.

The malware infects a player’s computer, takes a screenshot of his or her hand of cards, and then sends the unique ID of the player to the hacker.

Once installed it grabs screenshots of the PokerStars and Full Tilt Poker clients, letting the attackers see what cards the victim holds.

The most infamous example of all came to light in 2007, when players at Absolute Poker began to suspect that a player known as “POTRIPPER” was able to see the hole cards of other players after they won a tournament in a suspiciously dominant manner. Odlanor only targets two poker rooms, though they make up a very high percentage of all online poker play: PokerStars and Full Tilt. This malware masquerades as benign installers for various general-purpose programs, such as Daemon Tools or µTorrent.

When gamblers download poker-related programs, including player databases and calculators, a Trojan virus is installed on the players’ computers. “Afterwards, the screenshots can be retrieved by the cheating attacker.” This involves making your opponent think that you have a potentially better hand than they do.

“We are unsure whether the perpetrator plays the games manually or in some automated way”, wrote Mr Lipovsky.

Additionally, newer versions of Odlanor also included Win32/PSWTool.WebBrowserPassView.B, a malware strain capable of breaking and extracting passwords from various Web browsers.

The trojan communicates with its C&C, the address of which is hardcoded in the binary, via HTTP. According to ESET LiveGrid® telemetry, the largest number of detections comes from Eastern European countries.

INSECURITY ALERTER ESET has advised us of a threat to online poker players that uses spyware to skew any chances of a win.

The great online poker scam: Criminals are hacking into gambling accounts to