FlightSimLabs is a developer of a flight simulator game. The company is struggling to explain why its software contained malware that could intercept passwords from users' browsers.
The game code allegedly contained a mechanism for detecting pirated copies of the game distributed through Pirate Bay. If the code detected a pirated copy, it triggered a process through which the company stole usernames and passwords from users' browsers.
Anti-piracy systems and DRM are nothing new, but what FlightSimLabs came up with will most likely go down in history as one of the most outrageous.
It all started yesterday on Reddit, when the Flight Sim user 'crankyrecursion' mentioned FlightSimLabs' A320X module.
"Using the file 'FSLabs_A320X_P3D_v2.0.1.231.exe' there appears to be a file called 'test.exe'," wrote crankyrecursion.
"This .exe file comes from the site Securityxploded.com, which describes it as a 'Chrome Password Dump' tool. This tool appears to work, because the installer usually runs with administrator rights (UAC prompts). Can anyone tell us why this tool is included in a supposedly safe installer?"
Let's look at what the head of the company, who appears to be Greek, said:
FlightSimLabs officer Lefteris Kalamaras said in a post on the company's forum:
"We are aware that there is a Reddit thread started tonight about our latest installer and how it includes a tool which indiscriminately captures Chrome codes. This is not correct, in fact the Reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing it."
"There is a specific method used against specific serial numbers that have been identified as pirate copies and are circulating on ThePirateBay, RuTracker and other similar malicious sites."
In short, FlightSimLabs installs a password dumper on all user systems, whether pirated or not, and activates the tool when it detects that the game is running under specific pirated serial numbers.
"Test.exe is part of the DRM and targets only specific pirated copies of the software that are copyrighted and obtained illegally. This program works temporarily and is never used in legal copies of the product," said Kalamaras.
The FlightSimLabs manager went on to state that the information obtained from the pirates' systems in this way is likely to be used in court or other legal proceedings.
Finally, after the story was published (we found it on TorrentFreak), Mr. Kalamaras said:
"While the majority of our customers understand that combating piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that some of you are concerned with this particular method which can be seen as somewhat heavy-handed. For this reason we have uploaded an updated installer that does not include the DRM control file in question."