Malware Targeting PokerStars And Full Tilt Players
Many poker players around the world have recently found themselves in the midst of losing streaks when they’re at the virtual tables, but it turns out this rash of losses has nothing to do with luck or skill. Although the number of players affected isn’t fully known, it is clear that at least some players have fallen victim to a piece of cheating malware, known as Win32/Spy.Odlanor, that is making it impossible for them to win. The Odlanor software was first detected by San Diego-based security firm ESET, and commenting on the pressing issue, Senior Malware Researcher Robert Lipovsky said:
“The largest number of detections comes from Eastern European countries. Nevertheless, the trojan poses a potential threat to any player of online poker. Several of the victims were located in the Czech Republic, Poland, and Hungary.”
About Win32/Spy.Odlanor
The malware in question is called Win32/Spy.Odlanor, and it seems to have been developed by hackers located somewhere in Eastern Europe. When the software is installed on an unsuspecting player’s computer, it makes it possible for their screen to be viewed by third parties in real time. As a result, players who hide their hole cards when playing via live streaming no longer have the advantage of keeping their cards a secret. Their opponents at the table can easily see what they have in hand and bet accordingly.
Once a player has Win32/Spy.Odlanor installed on their computer, the hackers who are responsible for creating and distributing it can easily find them online. The hackers will wait until an infected player arrives at an online poker table and then opt to join them. Then, they simply sit back and watch the screenshots, so that they can win. Because of the way the malware works, most victims’ losses have been at the cash tables, rather than at tournaments and games with assigned tables.
Specific To PokerStars And Full Tilt
The malware specifically targets two of the most popular online poker sites in the world, PokerStars and Full Tilt, with the Win32/Spy.Odlanor perpetrator joining the virtual table where the intended victim is gambling. Screenshots of the opponent’s hole cards are subsequently sent back to the perpetrator’s remote computer, and as Robert Lipovsky explains:
“Afterwards, the screenshots can be retrieved by the cheating attacker. They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they’re playing.”
Where the Malware Originates
Unfortunately, most people whose computers are infected with Win32/Spy.Odlanor have no idea that it’s impacting their poker playing. Experts have traced the malware to torrent sites and other shareware types of sites that provide unofficial copies of programs like Tournament Shark and Poker Office. The software is disguised as a harmless installer, so people don’t notice that it is now present on their computers. While experts can’t be certain exactly when Win32/Spy.Odlanor was first introduced, it is clear that it has been infecting computers since at least March 2015.
Previous Instances of Hacking
Win32/Spy.Odlanor isn’t the first malware that has targeted online poker players. In 2007, a player on the site Absolute Poker named POTRIPPER drew attention for consistent winnings. Investigations brought to light that the player was a consultant for the developer behind Absolute Poker. The individual had managed to collect screenshots of countless players’ hole cards. There have been rumors of hacking since, including in 2013 when professional player Jens Kyllönen stated that he believed he was hacked in the midst of the European Poker Tour. After consulting online security firm F-Secure, the Finnish pro later discovered that a Trojan horse had been installed on his laptop, but unfortunately was hindered by PokerStars in his attempt to lodge a formal complaint with Barcelona authorities.
The poker room had apparently told Kyllönen on several occasions that it had already taken the matter to authorities, a claim that later proved to be untrue and was passed off by PokerStars as a “misunderstanding”. As Lee Jones, Head of Poker Communications at PokerStars, later explained in a letter to Kyllönen:
“Obviously, we are sorry about your being misinformed about the police being contacted (or not) at the outset of the investigation. That was certainly never intentional – it was a mistake caused by the confusion of the early days after the incident… To be quite clear, Jens – we did not sweep this incident under the carpet.. That’s just how the world works sometimes.”
Staying Safe
While hackers continue to find sophisticated methods of distributing malware and gaining access to computers, the lesson of the Win32/Spy.Odlanor incident is that it’s always best to stick to official copies of poker software programs. Even high stakes poker players can’t afford to gamble when it comes to the safety of their computers.