FlightSimLabs is a company that specialises in creating add-ons for commercial flight sim software, adding new aircraft, experiences, and other additions to make those experiences more realistic or expansive. These extraneous bits of software are also expensive, with new jets costing $100 and more.
What you can expect when you buy an add-on from FlightSimLabs is a high-quality recreation of an aircraft. What you don’t expect is for the installer to be loaded with a password-stealing bit of malware. That’s unfortunately exactly what happened, and the company’s been caught including a password-dumping tool with their aircraft installation files. The file, “test.exe”, included in one of their installers, is a noted “Chrome Password Dump,” with the capability of harvesting and sending off passwords saved to the browser.
According to FlightSimLabs boss Lefteris Kalamaras, the malware was only intended to target pirates (or rather, a specific pirate in a honeypot sting).
“I’d like to shed some light on what is actually going on.
1) First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.
2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.
3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).
This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.”
While it’s fine for people to protect their IP, this is cold comfort for paying customers who’ve unwittingly downloaded malware – whether or not that malware’s had a chance to run.
FlightSimLabs has updated the installer to remove the offending file, and clarified the situation further:
“I would like to further address some of the controversy that has taken place this evening.
I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs.
While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy-handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.
I want to thank you all for voicing your concerns in a considerate manner on our forums and elsewhere. We do listen to our customers because without you, there would be no FlightSimLabs.”
Whatever the reason, however sincere the apology, loading malware onto paying customers’ PCs is a dick move. On top of that, it is unlikely that their probably illegally acquired information will lead to prosecution – so what on earth was the point of all of this?
Last Updated: February 20, 2018