Hackers using virus to view hole cards on PokerStars and Full Tilt

Pie chart courtesy of ESET showing the location demographic of the Trojans they’ve traced over the last six months.

Multiple mainstream news outlets around the world have reported this week that a piece of malware is being used by hackers to view the hole cards of players grinding online poker at two of the industry’s largest and most trusted platforms, PokerStars and Full Tilt.

The Trojan - supposedly called “Win32/Spy.Odlanor” - is being picked up when users download otherwise innocent and useful pieces of poker software, like Tournament Shark, Poker Calculator Pro, Smart Buddy and Poker Office, from sources other than the official websites of the software authors. It is also being disguised as other, more general-purpose programs such as Daemon Tools and µTorrent.

Once it’s been loaded onto a victim’s computer system, it is used to create screenshots of PokerStars and Full Tilt windows while they’re running. The screenshots are then sent to the hacker’s computer.

Needless to say, once these screenshots are viewed, hackers can identify victims via screen names, follow them around the site while simultaneously viewing their private hole cards, and cruelly use this information to their advantage.

According to San Diego-based security experts ESET, who have been “observing versions of the malware in the wild”, there are several hundred known victims of the scheme between March 2015 (when the first versions of the virus were unleashed) and this week.

The data they’ve collected shows that the majority of detections come from Eastern European countries - namely Russia (36%), Ukraine (35%), Kazakhstan (11%) and Belarus (10%). Several victims have been revealed to be located in the Czech Republic, Poland and Hungary, but ESET stresses that anyone using PokerStars or Full Tilt can be affected.

It’s overwhelmingly likely that, if you’re reading this and growing concerned, you haven’t been affected in any way, shape or form. However, it is of course still worth making sure that your anti-virus software is up to date and (now that you’re aware of its name, which is, oddly, “Ronaldo” spelled backwards) that you remove anything that looks suspicious on your system.


