Screenshot Malware Spying On Online Poker Players

Security experts have found a unique piece of malware that spies on players of online poker sites, specifically Full Tilt Poker and PokerStars. It is coded to take screenshots of a victim’s game and send them to the attacker, states security researcher Robert Lipovsky at ESET.

Various kinds of malware and Trojans that harm users and their data are discovered on the Internet every other day, but some malware stands out because of the way it works. This new malware is one of those, as it has been designed specifically to target online poker players.

The spying Trojan, codenamed Win32/Spy.Odlanor, is used by the hackers, once it is successfully installed on the victim’s computer, to cheat in online poker games and become online poker stars by capturing screenshots of the infected opponent’s cards. Once a screenshot has been captured and sent to the attacker, he joins the same table where the victim is playing, gaining an unfair advantage from being able to see the victim’s cards.

How Does Win32/Spy.Odlanor Infect a Computer?

Just like any other Trojan, Win32/Spy.Odlanor gets onto a user’s computer unintentionally, when he or she downloads other applications and software from an unofficial source.

The malware tricks the user into believing that the installer is non-threatening, when it is actually loaded with the Trojan and installs the malware onto the system. In some cases, the Trojan has been found to be installed through programs related to poker.

How Does Win32/Spy.Odlanor Work?

Once the malware has been installed and executed, it searches the infected computer for the targeted popular gaming websites, such as Full Tilt Poker or PokerStars. If either of the two is found running on the system, the malware automatically grabs a screenshot and sends it to the attacker’s remote computer.

Once the attacker has retrieved the screenshots, they expose the victim’s cards in hand as well as the player ID.

Knowledge of the player ID plays an important role here because both of the online poker websites allow their players to search for other players by their unique player ID, so it becomes easier for the attacker to join the table where the victim is playing.

The newer versions of this Trojan have been found to have a general-purpose data-stealing ability: NirSoft WebBrowserPassView has been embedded within the Trojan, making it capable of stealing passwords from the victim’s web browsers.
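The behaviour described above (sending data out only while a poker client is running) can be turned into a simple hunting heuristic over endpoint telemetry. The following is an added example, not code from ESET or from the original article; the event format, the sample events, the client process names and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed client process names; the article names the sites, not the binaries.
POKER_CLIENTS = {"pokerstars.exe", "fulltiltpoker.exe"}

# Constructed telemetry: (seconds, event, process image, destination or None).
# Process names and addresses (documentation ranges) are made up.
EVENTS = [
    (0,   "net",   "updater.exe",    "203.0.113.10"),
    (100, "start", "PokerStars.exe", None),
    (130, "net",   "PokerStars.exe", "198.51.100.5"),
    (160, "net",   "svchelper.exe",  "192.0.2.77"),
    (220, "net",   "svchelper.exe",  "192.0.2.77"),
    (250, "net",   "updater.exe",    "203.0.113.10"),
    (280, "net",   "svchelper.exe",  "192.0.2.77"),
    (300, "stop",  "PokerStars.exe", None),
    (400, "net",   "updater.exe",    "203.0.113.10"),
]

def poker_gated_senders(events, min_hits=3):
    """Return processes whose outbound connections occur only while a
    poker client is running, and at least min_hits times."""
    running = set()               # poker clients currently alive
    inside = defaultdict(int)     # connections made during a poker session
    outside = defaultdict(int)    # connections made with no client running
    for _ts, kind, image, _dest in sorted(events, key=lambda e: e[0]):
        name = image.lower()
        if name in POKER_CLIENTS:
            if kind == "start":
                running.add(name)
            elif kind == "stop":
                running.discard(name)
            continue              # the client's own traffic is expected
        if kind == "net":
            (inside if running else outside)[name] += 1
    # Flag only processes that are never seen talking outside a session.
    return sorted(p for p, n in inside.items()
                  if n >= min_hits and outside[p] == 0)

if __name__ == "__main__":
    print(poker_gated_senders(EVENTS))
```

A hit is a lead for triage rather than a verdict: overlays and tracking tools that legitimately run alongside a poker client will show the same pattern.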

Who Is Infected With Win32/Spy.Odlanor?

According to the analysis performed by the malware experts at ESET, several hundred online poker players have been infected within the past six months, but the largest numbers of infections have been detected in Eastern European countries including Poland, the Czech Republic, and Hungary.
