Magecart Malware Put PokerTracker Users at Risk

Data skimming malware known as Magecart has been identified inside the popular tracking platform PokerTracker.

PokerTracker Magecart

An investigation by Malwarebytes found that PokerTracker users had been susceptible to Magecart attacks. (Image: Tiger Mobile)

The malicious code was first detected by Malwarebytes and details were made public on August 20.

According to the blog post, PokerTracker users began reporting suspicious activity a few weeks ago. What started as alerts from Malwarebytes’ scanner eventually turned into a full-scale investigation by the cybersecurity company.

Criminals Track User Payment Details

After conducting a variety of tests, experts at Malwarebytes found that Magecart was being used to steal payment details.

As per the technical report, problems around because PokerTracker was using an outdated version of the Drupal content management system (CMS).

“The site was running Drupal 6.3.x while the latest release is 8.6.17. In that time, many known vulnerabilities have been patched,” said TechRadar’s Anthony Spadafora.

After injecting malicious code into PokerTracker’s software and website, the criminals allowed it to automatically launch each time a user was active. Once live, Magecart was able to copy a user’s payment details to a database controlled by the attackers.

PokerTracker hasn’t made it public how many accounts may have been affected. However, Jérôme Segura of Malwarebytes confirmed that the problem has been fixed.

He went on to suggest that it may not be the last attack on the poker community.

“What this incident tells us is that users might encounter web skimmers in unexpected locations—and not just in online shopping checkout pages. At the end of the day, anything that will load unvalidated JavaScript code is susceptible to being caught in the crosshairs,” Segura wrote on August 20.

Cyberattacks are nothing new in the online poker world. In August 2018, PokerStars was forced to compensate players after a DDoS attack caused a number of tournaments to unexpectedly crash.

Just a month later, Winamax was forced to hit the pause button after attackers disrupted its servers.

Unfortunate Victim of Malware Epidemic

Although lessons have been learned from previous incidents, few could have predicted Magecart criminals would have targeted PokerTracker. As noted by Segura, the malware is typically used to steal credit card data from ecommerce sites.

However, in recent months those with bad intentions have cast a broader net than before. Alongside Ticketmaster, British Airways fell victim to the data skimming virus in 2018.

Following a lengthy investigation by European authorities, the airline was fined $230 million for failing to protect customer data.

PokerTracker won’t be subject to the same punishment. However, the attack should serve as a reminder that adequate security software is crucial for anyone playing online poker.

Written by
Daniel Smyth
Dan Smyth is a poker media journeyman who politely reminds CardsChat readers that poker is played all around the world, not just America.


Andrew Popov wrote...

CMS Drupal has long existed in the 7th and 8th version.

freddydr87 wrote...

That was a very sad news,peaple who use poker traker will no longuer trust in the app,and off course,the ones afected can suit poker traker,I would change automatylly change password from all my sites.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Did you know about our poker forum?

Discuss all the latest poker news in the CardsChat forum