Odlanor, a malware targeting online poker players

Sep 18, 2015 00:12 GMT

PokerStars and Full Tilt Poker users are at risk of being cheated while playing online poker, and at fault is a new malware family called Win32/Spy.Odlanor, or just Odlanor.

Discovered by ESET's security researchers, this new malware strain is focused only on online poker players, helping its authors win poker games by taking screenshots of the opponent's current hand.

Infection comes through third-party applications

Odlanor usually infects users who unwisely download and install software from outside recommended sources. ESET has seen the malware packaged with programs like mTorrent and Daemon Tools, but also with poker-related applications like Tournament Shark, Poker Calculator Pro, Smart Buddy, and Poker Office.

According to ESET's research, once the malware is installed on the victim's computer, it lies in wait until the user starts playing online poker using the PokerStars or Full Tilt Poker clients.

Once this occurs, the malware takes an initial screenshot and sends it to the attacker's server. This screenshot reveals the infected victim's game ID, which the attacker can then use to connect to the same tables at which the victim is playing.

Once the attacker and the victim are at the same table, the malware continues to take periodic screenshots, giving the attacker an unfair advantage that can be used to win hands in which the two are competing.

Odlanor is very active in Eastern European countries

ESET researchers could not determine whether this malware was used by human attackers or whether the screenshots were fed to an automated system with OCR (Optical Character Recognition) capabilities.

Additionally, newer versions of Odlanor also included Win32/PSWTool.WebBrowserPassView.B, a malware strain capable of breaking and extracting passwords from various Web browsers.

ESET reports that the first versions of this type of malware were spotted in March 2015, and that it has been very active in Eastern European countries like Russia, Ukraine, Kazakhstan, Belarus, Poland, Hungary, and the Czech Republic.

Odlanor detections by country