Malware discovered that lets hackers see online poker players' cards

[midian182]

Poker players using the Full Tilt Poker and PokerStars online games are being targeted by a type of malware that lets hackers spy on their cards. The trojan, named Odlanor, was found within several pieces of software designed to help poker players improve their game, said the security firm that discovered it.

Once it has infected a computer, Odlanor monitors for when a user logs into one of the two aforementioned poker sites. When a player joins a session it will start taking screenshots and sending them back to the trojan’s creators. This allows them to identify the player’s ID, which room they are in, and what cards they’re holding – giving the hackers a massive advantage without the victim realizing.

As of September 16, several hundred users were infected with Odlanor, although it does seem to mostly target those living in Eastern Europe. "We have seen this trojan masquerading as a number of benign installers for various general purpose programs, such as Daemon Tools or uTorrent. In other cases, the spyware is installed through various poker-related programs," said Robert Lipovsky, senior malware researcher at ESET.

Some of the poker-related programs where the malicious software has been found include Tournament Shark, Poker Calculator Pro, Smart Buddy and Poker Office. Odlanor also targets other personal information on a victim's computer such as login names and passwords.

The news comes in the wake of PayPal quietly announcing yesterday that it was returning as an accepted method of payment for a limited number of gambling sites after a 12-year absence from the sector. Online gambling is still illegal in the majority of US states, but an increasing number are introducing bills that would legalize it.

Image credit: Shawn Hempel / shutterstock

Permalink to story.

https://www.techspot.com/news/62161-malware-discovered-hackers-see-online-poker-players-cards.html

 

[Skidmarksdeluxe]

Nice but I'd like to have a a program that puts the gamblers winnings in my pocket instead.

 

[Scshadow]

Nice but I'd like to have a a program that puts the gamblers winnings in my pocket instead.

It seems more direct. The problem is that you're going to have to hack a much more secure system to convince it to put someone else's money in your pocket. Afterwards you have to find a way to prevent the cyber security experts from being able to trace the hack back to you or be tasked with finding a way to hide the funds before they can be frozen or removed from your accounts.

Now hacking your opponent's computer on the other hand... even now that the gambling institutions know the malware exists, they aren't going to send someone out to do all the computer forensics required to 1. confirm you actually got hacked, and 2. positively confirm the identity of the hacker and determine the appropriate amount of damages that should be awarded to you in the court of law. Mainly because they aren't at fault that the end user's computer got hacked. The company is not liable and has absolutely no reason to pursue these cheaters. They can redesign their gaming system in the hopes that it can counteract malware installed on the end user's computer and ideally maintain the integrity of their service, but ultimately its a hard sell that the gambling institution was negligible.The victim in these cases likely do not have the resources to fund a private investigation and thats presuming that these victims ever even realize that they are in fact victims. This could border on the edge of a perfect crime. Victims are mostly not identified and the ones that do, can't fight back.

 

[Skidmarksdeluxe]

It seems more direct. The problem is that you're going to have to hack a much more secure system to convince it to put someone else's money in your pocket. Afterwards you have to find a way to prevent the cyber security experts from being able to trace the hack back to you or be tasked with finding a way to hide the funds before they can be frozen or removed from your accounts.

Now hacking your opponent's computer on the other hand... even now that the gambling institutions know the malware exists, they aren't going to send someone out to do all the computer forensics required to 1. confirm you actually got hacked, and 2. positively confirm the identity of the hacker and determine the appropriate amount of damages that should be awarded to you in the court of law. Mainly because they aren't at fault that the end user's computer got hacked. The company is not liable and has absolutely no reason to pursue these cheaters. They can redesign their gaming system in the hopes that it can counteract malware installed on the end user's computer and ideally maintain the integrity of their service, but ultimately its a hard sell that the gambling institution was negligible.The victim in these cases likely do not have the resources to fund a private investigation and thats presuming that these victims ever even realize that they are in fact victims. This could border on the edge of a perfect crime. Victims are mostly not identified and the ones that do, can't fight back.

I'm never gonna do anything like that, it's too much like hard work and stress but if I had the knowledge and skills to pull something like that off I'd rather use that talent on something a bit more honest.