This Online Poker Malware Lets Cheaters Read Your Cards

Someone's been rigging Texas Hold 'Em pots since March. 


For those of you experiencing a mystifying cold streak in online poker performance, we have some good news about that feeling of paranoia: You’re not crazy.

Robert Lipovsky, a researcher at Slovakian security firm ESET, has uncovered malware that targets online poker players in a truly creepy way. The trojan has cheated hundreds on the Full Tilt Poker and PokerStars platforms, allowing the perpetrator to read others' cards as they play. Though it’s uncertain exactly how many stolen pots this trojan has in its pocket, a 2012 study of online gambling in the Journal of Gambling Business and Economics found that the total observed playing volume over six months for a group of a little over 2 million players was $378 million.

As with a lot of malware, users probably got it on their computers by downloading an application from sources unconnected to the software authors’ official sites. From there, Lipovsky explains how it works:

Once executed, the Odlanor malware will be used to create screenshots of the window of the two targeted poker clients — PokerStars or Full Tilt Poker, if the victim is running either of them. The screenshots are then sent to the attacker’s remote computer.
Afterwards, the screenshots can be retrieved by the cheating attacker. They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they’re playing.

Researchers don’t know if the attacker is pulling up a virtual chair at your table manually or using some sort of automation.

Evidence of the malware can be traced back to at least March of this year. Sadly, we’ve yet to develop a digital way to flip over a table and demand that dirty cheater meet us in the town square at high noon.