Flight sim DLC maker used malware to steal pirates’ passwords


It’s not unusual for developers to have a bit of fun with those who download pirated copies of their games.

In 2013, for example, Greenheart Games released a “cracked” version of Game Dev Tycoon that included an in-game punishment that made it impossible to progress past a certain point. Maxis did something similar a year later with The Sims 4. Others simply concede that piracy is inevitable and add their games to torrent sites before pirates can do so.

One developer, however, may be taking anti-piracy measures a bit too far.

As Motherboard highlights, a Reddit user recently noticed something fishy with an installer for an add-on for Microsoft Flight Simulator. The piece of software in question, DLC from Flight Sim Labs, Ltd. (FSLabs, for short), reportedly included a file called “test.exe” which apparently extracts all saved usernames and passwords from Chrome and appears to send them to FSLabs.

(Screenshot of password stealer courtesy Fidus Information Security)

Andrew Mabbitt, founder of cybersecurity company Fidus Information Security, confirmed to Motherboard that the malicious software is indeed included in FSLabs’ installer. Mabbitt described it as “by far one of the most extreme, and bizarre, methods of Digital Rights Management (DRM) we’ve ever seen.”

Lefteris Kalamaras, founder and owner of FSLabs, had the following to say in a forum post:

1) First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

As Mabbitt points out, the malware file itself is “dropped on every single PC it [the FSLabs software] was installed on.” Kalamaras doesn’t appear to deny this.

In a follow-up post, Kalamaras said they realize that “a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.”

Motherboard notes that FSLabs has not yet responded to questions regarding what they do with data obtained through the password-stealing malware. In Kalamaras’s original post (above), it’s noted that “this method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.”

Lead image via Flight Sims Labs Ltd