IT security firm ESET has released details this week about malware designed to target players at PokerStars and Full Tilt Poker, the popular poker sites owned by Amaya Gaming. The firm has been tracking the malware, a Trojan named Odlanor, since March this year, after discovering it hidden in various software designed to help players improve their online poker game. ESET went on to say that there have been over 1,000 documented cases since March and that around 70% of the victims are from Eastern European countries, particularly Russia.
Devious by design
The malware works by first infecting a player’s machine and then stealthily monitoring their PC’s activity. Once it ‘sees’ that the player has logged into either Full Tilt or PokerStars, it comes to life, taking a screenshot of the player’s onscreen activity, which shows the cards they are currently holding and their corresponding player ID number. It then sends this screenshot to the malware’s creators, who log into one of the two affected websites and use the ID number to join the same table as the player. At this point they are still receiving up-to-date screenshots showing the player’s current hands, and with this information they gain a significant advantage, allowing them to win the game and steal their opponent’s money.
High risk has a new meaning
The real danger here is in high-stakes heads-up games, where players can play 1v1 for thousands of dollars at a time. This will most certainly force players to stay away from big-money heads-up games on both poker websites until anti-virus software can fully protect against the malware.
PokerStars has released a statement recommending all players “protect themselves against this sort of attack by practising good computer security. Players should keep their operating system updated, use reliable antivirus software and only install software from reputable sources.” The statement also said that no direct server attacks have been made on the PokerStars or Full Tilt websites, and that this malware affects a user’s machine, not PokerStars or Full Tilt hardware or software directly.
The more observant of you out there might have noticed ‘Odlanor’ is actually ‘Ronaldo’ spelt backwards. This is most definitely a cheeky nod by the malware’s creators to Cristiano Ronaldo’s recent sponsorship deal with PokerStars.