Odlanor is Windows malware that targets users of Pokerstars and Full Tilt Poker, and exfiltrates information about their cards to their competitors.
It's a successor to the Zynga-targeting Pokeragent Facebook worm, which was discovered two years ago.
Once executed, the Odlanor malware will be used to create screenshots of the window of the two targeted poker clients – PokerStars or Full Tilt Poker, if the victim is running either of them. The screenshots are then sent to the attacker’s remote computer.
Afterwards, the screenshots can be retrieved by the cheating attacker. They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they’re playing.
We are unsure whether the perpetrator plays the games manually or in some automated way.
In newer versions of the malware, general-purpose data-stealing functionality was added by running a version of NirSoft WebBrowserPassView, embedded in the Oldanor trojan. This tool, detected by ESET as Win32/PSWTool.WebBrowserPassView.B, is a legitimate, albeit potentially unsafe application, capable of extracting passwords from various web browsers.
The Trojan Games: Odlanor malware cheats at poker [Robert Lipovsky/We Live Security]
(via Ars Technica)