
Trojan.Redgamble

Posted: August 17, 2018

Trojan.Redgamble is a threat that cybercriminals use to exfiltrate personal details, account credentials, and other sensitive data from the victim's computer. Threats like this one are usually meant to operate for long periods of time, which is why a Trojan.Redgamble attack will often introduce new Registry keys and settings whose purpose is to ensure that the threatening application runs automatically whenever the computer starts. Since Trojan.Redgamble is meant to work silently, victims are unlikely to notice anything out of the ordinary: this Trojan consumes a minimal amount of system resources, and it may often disguise itself as an important operating system file to avoid attracting unwanted attention.

The interesting part about Trojan.Redgamble is that it focuses on a very specific group of people – those who enjoy online gambling. When this threat is executed, it checks the list of running processes for a concise list of process names that are associated with online poker clients. If it finds a match, it will begin to monitor the matching process and exfiltrate the following types of data:

  • The server that the victim plays on.
  • The game room & channel they are participating in.
  • The type of the game and the user's account details.
  • Regular screenshots of the game window.

All collected data is saved on the computer, and it is exfiltrated to a remote Command & Control server on a regular basis.

The exact attack vector that Trojan.Redgamble's authors use is still unknown, but it is likely to have something in common with online gambling. Cybercriminals often target their victims by promoting fake cheats that promise to help the victims win a game but, in reality, simply drop a cyber-threat on their PCs. The best way to keep your computer safe from Trojan.Redgamble's spying activities is to use a trustworthy anti-virus software suite that is updated regularly.
