Card-Watching Malware Targets PokerStars, Full Tilt


Heads up, poker players: If you've been playing online lately and losing, it may not be just bad luck.
Malware researchers at security firm ESET have discovered a new trojan designed to "cheat in online poker by peeking at the cards of infected opponents."
The malware specifically targets PokerStars and Full Tilt — two of the most popular online poker sites, according to ESET's Robert Lipovsky.

"The attacker seems to operate in a simple manner: After the victim has successfully been infected with the trojan, the perpetrator will attempt to join the table where the victim is playing, thereby having an unfair advantage by being able to see the cards in their hand," Lipovsky wrote in a blog post Thursday.

The malware, Win32/Spy.Odlanor, masquerades as a benign installer for various general-purpose programs such as Daemon Tools or mTorrent.

People are most commonly getting infected when downloading some other, useful application from an unofficial source, Lipovsky wrote. In some cases, it's being loaded onto victims' systems through various poker-related programs, including poker player databases and poker calculators such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and more.

Once executed, the malware will snap screenshots when you have a PokerStars or Full Tilt window open. The screenshots are then sent back to the attacker's remote computer.

"Afterwards, the screenshots can be retrieved by the cheating attacker," Lipovsky wrote. "They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they're playing."

At this point, researchers aren't clear whether the attackers are playing the games manually, or in some automated way.

ESET said it has observed several versions of this malware in the wild, dating back to March 2015. Worse yet, newer versions also contain "general-purpose data-stealing functionality" capable of siphoning your passwords from various Web browsers.

As of Sept. 16, there have been several hundred users infected with Win32/Spy.Odlanor.

"The largest number of detections comes from Eastern European countries," Lipovsky wrote. "Nevertheless, the trojan poses a potential threat to any player of online poker. Several of the victims were located in the Czech Republic, Poland, and Hungary."

This isn't the first time poker players have been targeted. Internet security and privacy firm F-Secure discovered a similar attack in 2013, which it dubbed "sharking."

F-Secure Security Advisor Sean Sullivan advised professional poker players to lock up their devices when they leave a hotel room, as this type of malware may, in some cases, be installed by an "evil maid" who is collaborating with the hackers.

Source: pcmag.com