25.9.15

Cheater alert! Odlanor spyware destroys PokerStars and Full Tilt Poker users’ odds of winning


ESET®, a global pioneer in proactive protection for more than two decades, warns users of PokerStars and Full Tilt Poker of a new malicious spyware program called Odlanor. The spyware, which takes screenshots of the infected player’s virtual poker hand, is designed to allow the malware operator to cheat during online games.

As of September 16, several hundred users have been infected with Win32/Spy.Odlanor. Malware researchers at ESET analysed the trojan and found that it is installed and activated on Windows systems in a number of ways.

"We have seen this trojan masquerading as a number of benign installers for various general purpose programs, such as Daemon Tools or uTorrent. In other cases, the spyware is installed through various poker-related programs," says Robert Lipovsky, Senior Malware Researcher at ESET.

Once installed, the malware first checks whether the PokerStars or Full Tilt Poker client is running. If one of them is, Odlanor starts taking screenshots of the poker hand without alerting the victim. The screenshots, which capture the cards in the victim's virtual hand, are then sent to the attacker, giving the criminal an unfair advantage in the game.


Detailed information is available on ESET’s We Live Security blog - The Trojan Games: Odlanor malware cheats at poker.

Infected Fake Versions of Arcade Games on Google Play Threatened Players with Nasty Trojans


ESET has recently published research on a trojan that affected several gaming apps on the Android platform. After carefully reviewing our original blog post and the accompanying press release, we are providing an explanation of the facts, since they have been misinterpreted:

The authors of the Mapin trojan took the legitimate, clean code of popular games, added malicious code and uploaded the result as a new package to Google Play as well as to alternative Android app stores. The application names were chosen intentionally to resemble those of the genuine apps. The repackaged code was distributed under a different developer name and was not signed with the official release code-signing certificate belonging to the legitimate companies, such as King. The clean versions of the applications on the Google Play store were not affected. Piggybacking on the popularity of legitimate applications in this way is a very common malware technique.

These apps were not connected to the genuine gaming apps such as Candy Crush Saga (produced by the company King). After careful review of our blog post and the accompanying press release, and in order to prevent further misunderstandings, we have adjusted our blog post and press release on ESET HQ communication channels, as well as on local websites (such as the one in India) that are operated by separate partner companies and carry local content. We apologize to the genuine gaming companies for the inconvenience caused by the phrasing. At ESET we are putting in place another review layer for our content so that such a misunderstanding does not recur in the future.
-------------------------------------------------------------------------------------------------------------------------------

ESET discovered an interesting stealth attack on Android users. Cybercriminals created fake versions of popular arcade games such as Plants vs Zombies, Candy Crush or Super Hero Adventure to deliver a backdoor Trojan directly onto the victim's device. These malicious downloads were made available on the official Google Play Store. ESET offers an in-depth analysis of this Trojan dropper on WeLiveSecurity.com.