Malware takes screenshots of the infected player's virtual poker hand
“Malicious spyware is targeting users of Full Tilt Poker and PokerStars online games, ESET researchers have revealed.
The spyware, named Odlanor, takes screenshots of the infected player's virtual poker hand and their player ID. The screenshots are then sent to the attacker, who joins the victim's virtual table by searching for the particular player ID. Thus, the attacker has the unfair advantage of being able to see the victim's hand.
As of September 16, several hundred users have been infected with the Odlanor malware. Like a typical computer Trojan, users usually get infected with Win32/Spy.Odlanor unknowingly when downloading some other, useful application from sources different than the official websites of the software authors.
This malware masquerades as benign installers for various general-purpose programs, such as Daemon Tools or µTorrent. In other cases, it was loaded onto the victim's system through various poker-related programs (poker player databases, poker calculators, and so on) such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others.
The screenshot below shows the parts of the malware code that search for PokerStars and Full Tilt Poker windows:
ESET have observed several versions of the malware in the wild, the earliest from March 2015. In newer versions of the malware, general-purpose data-stealing functionality was added by running a version of NirSoft WebBrowserPassView, embedded in the Odlanor trojan. This tool, detected by ESET, is a legitimate, albeit potentially unsafe, application capable of extracting passwords from various web browsers.”