An anonymous reader writes with the story that ESET researchers have uncovered spyware targeting online poker players
, called Odlanor, which works by sending screenshots of a player's game (along with that player's in-game identity) to the attacker; the attacker can then search for the player with that ID, and enjoy an unfair advantage. (Also at The Inquirer
.) From the ESET report:
In newer versions of the malware, general-purpose data-stealing functionality was added by running a version of NirSoft WebBrowserPassView, embedded in the Oldanor trojan. This tool, detected by ESET as Win32/PSWTool.WebBrowserPassView.B, is a legitimate, albeit potentially unsafe application, capable of extracting passwords from various web browsers. ... The trojan communicates with its C&C, the address of which is hardcoded in the binary, via HTTP. Part of the exfiltrated information, such as the malware version and information identifying the computer, are sent in the URL parameters. The rest of the collected information, including an archive with any screenshots or stolen passwords, is sent in the POST request data.