Malware Product Exploiting Full Tilt and PokerStars Players

September 19th, 2015 | by Kaycee James
Malware infecting Full Tilt and PokerStars players.

Security experts discover malware exploiting players on Full Tilt and PokerStars. (Image:

The online poker community was put on high alert this week after security experts discovered malware actively exploiting players on two of the largest sites in the world.

Following investigations by malicious software analysts such as ESET, a Trojan known as Win32/Spy.Odlanor has been found to be exploiting players on Full Tilt and PokerStars using a system of screen grabs and remote data transference.

Experts Tracking the Virus

After reports of suspicious activity began to ring out across the Internet, ESET’s experts began to monitor instances of Win32/Spy.Odlanor and found that it is being attached to victim’s computers through a variety of methods, including downloads of common poker products.

Once the virus has been transmitted to a player’s computer, it first scans the system for PokerStars and Full Tilt software. After latching onto these products, Win32/Spy.Odlanor kicks into life and transmits signals each time the online poker sites are loaded up.

Each time the player plays a hand, the malicious software takes screenshots of the host’s computer and, subsequently, relays the information back to the criminal.

This process then allows the person responsible for sending the virus to see their opponent’s hole cards and gain an unfair advantage.

Although Win32/Spy.Odlanor isn’t a new piece of malware, this is the first known instance of it being used in this way. According to reports, a “few hundred” players have been affected and the majority reside in Eastern Europe.

However, experts are warning players to be vigilant at all times otherwise the software could easily spread to many more computers.

Another Reminder to Remain Vigilant

According to Robert Lipovsky, an analyst at ESET, the last major incident involving spyware and poker he can recall was a program known as PokerAgent.

Infecting players who anted up on Facebook’s main poker product, Zynga, PokerAgent was able to steal personal details and credit card information.

However, for real money poker players, the most memorable instance of hole cards being compromised was the infamous PotRipper scandal.

Taking place on the now defunct Absolute Poker back in 2007, an account with the handle ‘PotRipper’ was able to see the hole cards of players of anyone it played against.

After extensive investigations by members of the poker community, it was revealed that ‘PotRipper’ hadn’t in fact used malware to infiltrate player’s computers, but was an account given inside access by someone working at Absolute Poker.

The account was later referred to as a “super user” and the once the dust had settled it was revealed that victims of ‘Pot Ripper’ had been duped out of an estimated $7 million.

Although the latest incident is unlikely to cause that much damage, it should serve as a timely reminder to all online poker players that they should remain vigilant at all times.


    Leave a Reply

    Your email address will not be published. Required fields are marked *