FlightSimLabs is a developer of a flight simulator game. FlightSimLabs seems to be in a very difficult position to explain why its software contained malware that could intercept passwords from user browsers.
The game code allegedly contained a mechanism for detecting pirated serial numbers of the game being distributed through Pirate Bay. If the code detected a pirated copy, it triggered a process by which the company stole user names and passwords from users' browsers.
Anti-piracy systems and DRMs are known, but what FlightSimLabs thought would most likely remain in history as one of the most outrageous.
It all started yesterday at Reddit when Flight Sim user 'crankyrecursion' mentioned FlightSimLabs' A320X module.
“Using the file 'FSLabs_A320X_P3D_v2.0.1.231.exe' there appears to be a file called 'test.exe',” wrote the crankyrecursion.
“This .exe file comes from the Securityxploded.com page which describes it as a 'Chrome tool Password Dump.' Το συγκεκριμένο εργαλείο φαίνεται να λειτουργεί, επειδή το πρόγραμμα εγκατάστασης συνήθως τρέχει με δικαιώματα διαχειριστή (UAC prompts). Μπορεί κάποιος να μας πει γιατί συμπεριλαμβάνεται αυτό το εργαλείο σε ένα υποτιθέμενο ασφαλή εγκαταστάτη;”
Let's look at what the head of the company said, who seems to be a Greek:
FlightSimLabs Officer Lefteris Kalamaras said in a post at forum the company's:
"We know there's a thread on Reddit that started tonight about our latest installer and how it includes a tool that indiscriminately records Chrome passwords. That's not right, in fact, the thread on Reddit was posted by someone who is not our customer and has somehow acquired our installer without buying it. "
“There is a specific method used for certain serial numbers that have been identified as pirated copies and are circulating on ThePirateBay, the RuTracker and other similar malicious sites.”
In short, FlightSimLabs installs a password dumper on all user systems, whether pirated or not, and activates the tool when it detects that the game is running under specific pirated serial numbers.
“Test.exe is part of DRM and only targets certain pirated copies of copyrighted software that were obtained illegally. This program works temporarily and is never used in legal copies of it productsaid Kalamaras.
Continuing the FlightSimLabs officer said that information obtained from pirates' systems in this way is likely to be used in court or other legal proceedings.
Finally, after the event was published (we found it at TorrentFreak) Mr. Kalamaras said:
"While the majority of our clients understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic action, we realize that some of you are concerned about this particular method which may be considered somewhat difficult. That's why we uploaded an updated installer that does not include this DRM control file. ”
