RAT-wielding attacker compromises poker player's laptop
Posted on 11.12.2013
The laptop of a high-profile Finnish poker player has been found to contain spying malware after the device was stolen from and then returned to his room in a 5-star hotel in Barcelona.

Having left his laptop in the room while he played in the European Poker Tour held in the hotel, he couldn't find it when he returned to the room for a break. Believing his roommate might have borrowed it, he initially thought nothing of it.

But he grew suspicious after the roommate told him he had not borrowed it, the laptop then reappeared in his room on the very spot where he had initially left it, and he finally discovered that it no longer required him to enter the login password and that the OS was not booting properly.

The entire story (as told by Jens Kyllönen himself) has many twists and reads like a detective novel.

It's still unknown who was behind the compromise, but the interesting thing is that his roommate - also a poker player - had the same thing happen to him a few days later.

To find out whether his laptop was compromised, Kyllönen turned to the experts at Finnish AV firm F-Secure, who, sure enough, found a Remote Access Trojan (RAT) on it, with timestamps coinciding with the time when the laptop had gone missing.

"Apparently, the attacker installed the trojan from a USB memory stick and configured it to automatically start at every reboot. A RAT, by the way, is a common tool that allows an attacker to control and monitor a laptop remotely, viewing anything that happens on the machine," the researchers pointed out.

"Laptop security is paramount for professional poker players, especially those who play online," they noted, adding that this particular RAT allowed attackers to see the cards the victim holds in his hands during an online poker game.


The attack works for all online poker sites, and the malware is Java-based, which means that it can function on Windows, OS X, and Linux.

"This is not the first time professional poker players have been targeted with tailor-made trojans," the researchers shared. "We have investigated several cases that have been used to steal hundreds of thousands of euro. What makes these cases noteworthy is that they were not online attacks. The attacker went through the trouble of targeting the victims' systems on site."

They also pointed out that the same attack can be leveraged against anyone who uses a laptop to handle large amounts of money, such as business executives.

"If you have a laptop that is used to move large amounts of money, take good care of it," the researchers advise. "Lock the keyboard when you step away. Put it in a safe when you're not around it, and encrypt the disk to prevent off-line access. Don't surf the web with it (use another laptop/device for that, they're relatively cheap)."

Copyright 1998-2014 by Help Net Security.