Odlanor malware now has the dubious distinction of being the latest threat out of Eastern Europe when it comes to hacking.
Poker players who stream their online games on Twitch either do so on a delay or hide their hole cards, because it is virtually impossible to win at poker if your opponents know what you are holding.
But this new piece of malware making the rounds can expose the screens of unsuspecting players to their competitors.
According to IT security firm ESET, the malware known as Odlanor has been found in circulation since at least March 2015. The firm says that several hundred users have been infected with the program, most of them coming from Russia, Ukraine, and other Eastern European countries.
Malware Installed with Poker Software
The report says that players have found that the program was installed while they were trying to install some other poker-related software, including programs like Poker Office and Tournament Shark. These programs were being downloaded from unofficial sources, such as torrents or alternate download sites, and the Trojan came along for the ride without the user noticing.
Once it is installed, the Odlanor program works in a very simple manner. It only targets two poker rooms, though they make up a very high percentage of all online poker play: PokerStars and Full Tilt. If the victim of the malware is playing on either of these sites, then Odlanor will take screenshots of the clients that are open. The attacker will then receive the screenshots, which will include the player ID of the victim.
The attacker can then seek out the victim, receive screenshots in real time, and win money from them at whatever tables the infected player is sitting at. This would be less effective in tournaments, or in Full Tilt games that now use poker room-style assigned seating, but that would be little comfort to a victim who runs into their attacker during a high-stakes tournament without knowing it.
Some new versions of the Odlanor malware go even further. In these cases, data-stealing functions are added on top of the screenshot functionality, making the malware even more dangerous for the victim.
Online Hole Cards Compromised Before
This is hardly the first time that poker players have had concerns that opponents had access to their hole cards without their knowledge. In an infamous case from 2007, Patrik Antonius and Johnny Lodden say they were cleaned out by a player who infected their computers with malware while chatting with them on MSN Messenger.
Worries about a similar scheme were raised in 2013, when Finnish poker pro Jens Kyllonen and others felt that their computers may have been tampered with during the European Poker Tour Barcelona stop. While little ultimately came of this situation, many believe to this day that the incident was another attempt by hackers to either gain access to personal information or view the screens of high-rolling players.
The most infamous example of all came to light in 2007, when players at Absolute Poker began to suspect that a player known as “POTRIPPER” was able to see the hole cards of other players after that player won a tournament in a suspiciously dominant manner. After an investigative player was accidentally given a complete hand history of the tournament, including all of the hole cards for all players, the extent of POTRIPPER’s knowledge became clear.
Absolute Poker eventually released a statement claiming that “a high-ranking trusted consultant” was behind the cheating, saying that the person had access to security systems that gave him the ability to see all cards in play.