By ZulaZuza in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 9
First Seen: January 29, 2013
Last Seen: February 9, 2023
OS(es) Affected: Windows

PokerAgent is a dangerous Trojan infection that targets Facebook users. Specifically, PokerAgent is a Trojan designed to target players of the popular Poker application developed by Zynga. The PokerAgent Trojan has managed to steal Facebook login credentials for more than sixteen thousand members of this popular social network! PokerAgent targets Zynga Poker which, today, is the most popular online poker game worldwide. This is specifically due to their popular Texas Hold'em Poker application for Facebook. This game has more than 35 million players every month – this number refers to active players of the game, not inactive users!

PokerAgent steals computer users' Facebook passwords and user names by connecting this information to their online poker login information. This threat was first detected in the Fall of 2011 and was most active in Israel. After PC security researchers notified the Israeli police's computer crime team and Facebook authorities, measures were taken to prevent further attacks involving PokerAgent. Fortunately for computer users, updating their security software and taking basic measures to avoid social engineering attacks while browsing Facebook can easily prevent them from becoming one more victim of the PokerAgent Trojan.

PokerAgent is used to steal login credentials, Zynga poker game scores and all credit card information stored in Facebook's user settings. This credit card information is often entered by players of this popular online game wanting to buy more credit for their poker game. Computer users that had not entered their credit card information would be used to spread the PokerAgent Trojan further by displaying links on their Facebook wall used to lure the victim's Facebook friends to phishing websites and to attack websites containing the PokerAgent Trojan and other malware. The PokerAgent attack was carried out by taking advantage of a botnet composed of eight hundred computers acting together to carry out attacks.

When visiting a website or clicking on a link, it is a smart move to check the website URLs or address in order to ensure that you are actually visiting the page you think you are visiting. Many victims of the PokerAgent attack could have prevented the associated phishing scam by simply taking a look carefully at the fake page's URL before entering their login credentials. ESG security researchers recommend computer users to take extra care when using social networks due to the fact that, as they grow, they are quickly becoming havens for these kinds of attacks.


Most Viewed