Data skimming malware known as Magecart has been identified inside the popular tracking platform PokerTracker.
The malicious code was first detected by Malwarebytes and details were made public on August 20.
According to the blog post, PokerTracker users began reporting suspicious activity a few weeks ago. What started as alerts from Malwarebytes’ scanner eventually turned into a full-scale investigation by the cybersecurity company.
Criminals Track User Payment Details
After conducting a variety of tests, experts at Malwarebytes found that Magecart was being used to steal payment details.
As per the technical report, problems around because PokerTracker was using an outdated version of the Drupal content management system (CMS).
“The site was running Drupal 6.3.x while the latest release is 8.6.17. In that time, many known vulnerabilities have been patched,” said TechRadar’s Anthony Spadafora.
After injecting malicious code into PokerTracker’s software and website, the criminals allowed it to automatically launch each time a user was active. Once live, Magecart was able to copy a user’s payment details to a database controlled by the attackers.
PokerTracker hasn’t made it public how many accounts may have been affected. However, Jérôme Segura of Malwarebytes confirmed that the problem has been fixed.
He went on to suggest that it may not be the last attack on the poker community.
“What this incident tells us is that users might encounter web skimmers in unexpected locations—and not just in online shopping checkout pages. At the end of the day, anything that will load unvalidated JavaScript code is susceptible to being caught in the crosshairs,” Segura wrote on August 20.
Cyberattacks are nothing new in the online poker world. In August 2018, PokerStars was forced to compensate players after a DDoS attack caused a number of tournaments to unexpectedly crash.
Just a month later, Winamax was forced to hit the pause button after attackers disrupted its servers.
Unfortunate Victim of Malware Epidemic
Although lessons have been learned from previous incidents, few could have predicted Magecart criminals would have targeted PokerTracker. As noted by Segura, the malware is typically used to steal credit card data from ecommerce sites.
However, in recent months those with bad intentions have cast a broader net than before. Alongside Ticketmaster, British Airways fell victim to the data skimming virus in 2018.
Following a lengthy investigation by European authorities, the airline was fined $230 million for failing to protect customer data.
PokerTracker won’t be subject to the same punishment. However, the attack should serve as a reminder that adequate security software is crucial for anyone playing online poker.
