Poker face will not bluff online poker malware
More details of the scam can be found in a blog post by ESET here.
The odds of you winning your online poker game have just got longer, thanks to the discovery of a spyware program which allows cybercriminals to see your hand.
“Once installed, the malware first checks if PokerStars or Full Tilt Poker is running”. Today, we’re bringing you one of those uncommon threats – a Trojan devised to target players of online poker.
As the player ID is then known, the attacker can follow that person in future sessions.
In particular, the malware masquerades as installers for various programs, such as Daemon Tools or µTorrent, explained ESET.
The malware, identified as Win32/Spy.Odlanor, has been found targeting users on two of the web’s biggest poker sites, PokerStars and Full Tilt Poker, according to researchers at ESET.
Afterwards, the screenshots can be retrieved by the cheating attacker. From here, the hacker can then find the player in the online poker rooms and play against them with knowledge of their hand.
Lipovsky says he’s unsure whether the perpetrator plays the games manually or in some automated fashion.
Creators of the Trojan have upgraded it over time by embedding generalized data-stealing functionality with a version of NirSoft WebBrowserPassView, a legitimate application that is capable of pulling passwords from browsers.
The trojan communicates with its C&C, the address of which is hardcoded in the binary, via HTTP.
The scheme sees an attacker installing the malware onto Windows systems through a range of methods, and ESET has spotted it in several places.
As is typical of most malware, the largest number of detections initially came from Eastern European countries, but it is spreading worldwide and may be modified to work with other games of skill.
‘Nevertheless, the trojan poses a potential threat to any player of online poker’.