Friday, 2 October 2015

Irish Poker Players beware

Researchers have discovered Odlanor, a trojan that its operator uses to cheat in online poker by peeking at the cards of infected opponents. It specifically targets two of the largest online poker sites: PokerStars and Full Tilt Poker.

Like a typical computer trojan, users usually get infected with Odlanor unknowingly when downloading some other, useful application. This malware masquerades as benign installers for various general purpose programs, such as Daemon Tools or µTorrent. In other cases, it was loaded onto the victim’s system through various poker-related programs – poker player databases, poker calculators, and so on – such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others.

Once executed, Odlanor takes screenshots of the window of either of the two targeted poker clients, PokerStars or Full Tilt Poker, if the victim is running one of them. The screenshots are then sent to the attacker’s remote computer. They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, so the attacker can easily connect to the tables on which the victims are playing and gain the unfair advantage of knowing the opponents’ cards.

ESET antivirus users are protected from this infection, since it is detected as Win32/Spy.Odlanor, but online poker players in general should take care to install only verified apps from trustworthy sites.

The full story on Odlanor is available on ESET Ireland's blog: The Trojan Games: Odlanor malware cheats at poker