A new malware has been spotted peaking at PokerStars and Full Tilt players’ cards to skew any chances of a win.
San Diego-based IT security company ESET has found a malware known as Win32/Spy.Odlanor in circulation since at least March 2015 and being used to cheat in online poker.
Odlanor can be unwittingly installed on a computer if the user downloads infected apps or software online. In other cases, the security researchers found the spyware was loaded onto the victim’s system through poker-related programs such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others.
“We have seen this trojan masquerading as a number of benign installers for various general purpose programs, such as Daemon Tools or uTorrent. In other cases, the spyware is installed through various poker-related programs,” said Robert Lipovsky, senior malware researcher at ESET.
Once installed, the Odlanor malware is used to create screenshots of the window of the only two targeted poker rooms, PokerStars or Full Tilt Poker, if the victim is running either of them.
The screenshots, which can be retrieved by the cheating attacker, reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they’re playing.
Eset added it is unsure whether the perpetrator then plays the games manually or in some automated way, adding “nevertheless, the trojan poses a potential threat to any player of online poker.”
ESET also noted that several hundred users have already been infected with the program, most of them coming from Russia, Ukraine, and other Eastern European countries. In addition, a newer versions of Odlanor Win32/PSWTool.WebBrowserPassView.B has been running around capable of breaking and extracting passwords from various Web browsers, making it even more dangerous for the victim.