ESET discovers a new trojan that lets the attacker see the cards of the victim online poker player.
ESET researchers have discovered Odlanor, a trojan, which is used by its malware operator to cheat in online poker by peeking at the cards of infected opponents. It specifically targets two of the largest online poker sites : PokerStars and Full Tilt Poker.
Like a typical computer trojan, users usually get infected with Odlanor unknowingly when downloading some other, useful application. This malware masquerades as benign installers for various general purpose programs, such as Daemon Tools or mTorrent. In other cases, it was loaded onto the victim’s system through various poker-related programs – poker player databases, poker calculators, and so on – such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others.
Once executed, the Odlanor malware will be used to create screenshots of the window of the two targeted poker clients – PokerStars or Full Tilt Poker, if the victim is running either of them. The screenshots are then sent to the attacker’s remote computer. They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they’re playing and gain an unfair advantage of knowing his opponents’ cards.
ESET antivirus users are protected from this infection, since it is detected as Win32/Spy.Odlanor, but online poker players in general should be cautious that they only install verified apps from trustworthy sites.[su_box title=”About ESET” style=”noise” box_color=”#336588″]ESET is a pioneer of proactive protection against cyber threats with its award-winning NOD32 technology. Daily, it protects over 100 million computers, laptops, smartphones, tablets and servers, no matter the operating system. ESET solutions for home and business segment deliver a continual and consistent level of protection against a vast array of existing and emerging threats.[/su_box]