‘PokerAgent’ Trojan Misused Login Credentials of 16,000 Facebook Users

ESET, a security firm has encountered a social engineering Trojan horse called, 'PokerAgent' that coped to grab the login details of more than 16,000 facebook users.

The 'PokerAgent' Trojan targeted Zynga(TM) Poker online game, the most famous online poker website in the world. Zynga Poker displays Texas Hold'EM Poker App for Facebook.

As per APPData™, the game has more than 35 Million active monthly users.

Though ESET initially started studying the Trojan in the early 2012; however, it was detected in December 2011 itself.

The Trojan is coded in C#, which makes the source code easier to decompile for access. The two primary functions of the Trojan include location of Facebook users with credit cards that are required to be linked to their account and Zynga Poker players. The other function relates to the expansion of its database of Facebook credentials. The Trojan does not interferes directly with the victim's own Facebook account. It only uses the computer of its host in order to seek information on other Facebook users. The botnet only serves as a proxy states the ESET, so that the illegal activities do not get carried out from the computer of the perpetrator, i.e. the botnet's C&C server.

In the words of Ronen Moas, ESET Israel Director, PokerAgent is actually only infecting the users of Israel, as published in a statement of timesofisrael.com on January 29, 2013. Though this is not the first time that these kinds of threats are being exhibited on Facebook, it definitely could be termed as the first time attack targeting Israeli users particularly.

"The truth is that Israel is a small country with specific number of people who speak Hebrew, and that has somewhat protected us, as hackers prefer to write attacks that will have an effect on a larger number of peoples in larger countries, where they can achieve more," Moas claims.

That being the case, he said, it appeared that the distributors of the computer virus were instigated by incredibly some other treasure other than money. "I wouldn't be amazed if this attack turned out to be part of the international cyber terror campaign being organized against Israel daily," Moas said.

Security experts concludes that the efforts from ESET, Israel's Computer Emergency Response Team (CERT) and law enforcement could well have been the means for the failure of PokerAgent.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 2/8/2013