The house always wins at the casino, both offline and online. And for some 16,000 Israelis who played Texas HoldEm online recently, the losses were even worse than they had gambled on. A Trojan horse that had apparently infiltrated a Facebook app from ZyngaPoker stole their credit card information, the anti-virus company ESET announced Monday.
Alarmingly, the attack may not have been an attempt to steal credit card data but rather part of the international cyber war against Israel, the company’s director said.
Zynga is the biggest provider of Facebook apps, the company behind popular apps like Farmville and Draw Something. The Trojan horse, called Poker Agent, apparently targeted Zynga’s poker game, hijacking the login and credit card information needed to play online. If a user has not submitted that information, the active virus presents a page, in Hebrew, directing the user to a phony Facebook page that requires them to fill in the missing data before they can continue playing.
ESET said it had been tracing the progress of Poker Agent for over a year and had informed Israeli police and the National Cyber Bureau and was coordinating with CERT, the international computer threat organization. ESET said that law enforcement officials in Israel had opened an investigation, and that the anti-virus company had decided not to release details about the Trojan horse earlier in order not to hamper the investigation.
Poker Agent is apparently only infecting Israeli users, ESET Israel director Ronen Moas said. “This is not the first time we have seen these kinds of threats on Facebook, but it is definitely the first time we have seen an attack targeting Israeli users specifically.
“The fact that Israel is a small country with a limited number of people who speak Hebrew, and that has somewhat protected us, because hackers prefer to write attacks that will affect a larger number of people in bigger countries, where they can profit more,” Moas said.
That being the case, he added, it appeared that the distributors of the virus were motivated by something other than money. “I wouldn’t be surprised if this attack turned out to be part of the international cyber terror campaign being conducted against Israel daily,” Moas said.