International edition
June 12, 2021

Spyware takes screenshots of the infected player's virtual poker hand

PokerStars players conned by hackers that spy on their hands before betting against them

PokerStars players conned by hackers that spy on their hands before betting against them
Criminals are hacking into gambling accounts to see player's hands before joining their games and betting against them.
United States | 09/18/2015

Criminals are hacking into gambling accounts to see player's hands before joining their games and betting against them.

G

amblers are being warned about a online poker scam that lets criminals cheat their way to winning games. 

Hackers are using malicious spyware to sneak a look at a player's virtual poker hand on popular gambling sites. 

They are then signing into the same game and betting against their victim to up the stakes and steal their money. 

The scam was spotted by San Diego-based security experts at Eset and it affects people who have accounts on PokerStars and Full Tilt Poker. 

The spyware is called Win32/Spy.Odlanor. 

Like other computer trojans, Win32/Spy.Odlanor can be unwittingly installed on a computer if the user downloads infected apps or software online. 

In particular, the malware masquerades as installers for various programs, such as Daemon Tools or mTorrent, explained Eset. 

In other cases, the security researchers found the spyware was loaded onto the victim's system through poker-related programs such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others.

Once installed, the Odlanor malware is used to create screenshots of the window of the two targeted poker clients, PokerStars or Full Tilt Poker, if the victim is running either of them. 

The screenshots are then sent to the attacker's remote computer.

These screenshots not only reveal the hands of the infected opponent but also their player ID.

Both of the targeted poker sites let players search for others using this ID, so it is easy for a hacker to connect to tables the victim is playing on.

Eset added it is unsure whether the perpetrator then plays the games manually or in some automated way. 

As of 16 September, 'several hundred' users have been infected with Win32/Spy.Odlanor, said Eset. 

'We have observed several versions of the malware in the wild, the earliest ones from March 2015,' said Robert Lipovsky, Senior Malware Researcher at Eset in a blog post. 

'According to Eset LiveGrid telemetry, the largest number of detections comes from Eastern European countries [and] several of the victims were located in the Czech Republic, Poland and Hungary.

'Nevertheless, the trojan poses a potential threat to any player of online poker.'

Concerned players should make sure their anti-virus software is up-to-date and remove any malicious looking files. 

If they spot any suspicious behaviour they can also alert the two targeted sites.

What is your opinion about this article?
  • I like it
    %
    0 votos
  • I don't like it
    %
    0 votos
  • I have not thought about it
    %
    0 votos
Leave your comment
Newsletter Subscription
Subscribe to receive the latest news and updates
Enter a valid email
Complete the captcha
Thank you for registering to our newsletter.
Follow us on Facebook