Security researchers have spotted new malware targeting online poker players which allows attackers to view the hands of their victims.
Users of PokerStars and Full Tilt Poker are at risk from the Win32/Spy.Odlanor trojan, according to ESET senior malware researcher, Robert Lipovsky.
The malware itself is frequently hidden inside a legitimate looking application or program, he explained in a blog post.
“This malware masquerades as benign installers for various general purpose programs, such as Daemon Tools or mTorrent. In other cases, it was loaded onto the victim’s system through various poker-related programs – poker player databases, poker calculators, and so on – such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others,” he added.
“Once executed, the Odlanor malware will be used to create screenshots of the window of the two targeted poker clients – PokerStars or Full Tilt Poker, if the victim is running either of them. The screenshots are then sent to the attacker’s remote computer.”
These screenshots will give the attacker both the victim’s poker hand and their player ID, allowing them to connect to the table they’re playing on quite easily.
“In newer versions of the malware, general-purpose data-stealing functionality was added by running a version of NirSoft WebBrowserPassView, embedded in the Oldanor trojan,” Lipovsky explained.
“This tool, detected by ESET as Win32/PSWTool.WebBrowserPassView.B, is a legitimate, albeit potentially unsafe application, capable of extracting passwords from various web browsers.”
The malware dates back to March 2015, although several versions have been spotted in the wild, ESET said.
The largest number of detections so far comes from Russia (36%) and Ukraine (35%) with several hundred victims already discovered.
Cyber-criminals will always “follow the money” to where they have the chance to make the biggest return on their investment in malware and attack tools.
Given the popularity of online gambling, it’s no surprise that this industry is being targeted.
Attacks on poker players are known as “sharking” – for example a card pro had his hotel room broken into during a tournament two years ago and later found a RAT had been installed on his laptop.