Flight Sim Labs, makers of various add-ons for Microsoft Flight Simulator X, has landed in some hot water over malware allegedly included in one of their products.
Flight Sim Labs makes various planes for popular flight sims, like the Concorde-X, as well as other tools, like one that lets you control the lights on your aircraft. But an installer for one plane, the A320-X, was causing anti-virus alerts for some users. Reddit user crankyrecursion examined his copy of the installer “simply out of curiosity” and found the embedded malware. The user then posted a notice for other players.
“… there seems to be a file called ‘test.exe’ included. This .exe file… is touted as a ‘Chrome Password Dump’ tool, which seems to work – particularly as the installer would typically run with Administrative rights (UAC prompts) on Windows Vista and above.”
The malware in question stems from an executable bundled into the installer for this add-on (the installer in question is FSLabs_A320X_P3D_v126.96.36.199.exe). The process spawned by test.exe will inject code into Chrome browser processes in order to steal passwords from the Chrome password store.
This alarming file was addressed by FSL. In this forum post, the dev shed some light on what the file is, why it’s there and how it works. Due to the importance of this story, I’ll copy and paste his quote down below.
1) First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.
2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.
3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).
He then goes on to say that this method has been successful in catching those who have stolen their content and is being used in ongoing legal battles.
What this means is that FSL is stealing confidential information and then using it to identify users and sue alleged pirates. Information privacy laws concerning this kind of behavior are widespread. Most of Europe has consumer privacy laws that may apply in these cases. And most formal courts have required discovery processes that must be adhered to for evidence to be submitted as part of a lawsuit. So in short, what FSL is doing is probably illegal in more ways than one.
This isn’t the first time a company has done something illegal in the name of “DRM” either. Sony faced a class action lawsuit over use of a rootkit in its products. They lost that case BTW.
Regardless of whether the file itself is temporary, it’s clear that FSL have done something that breaches the privacy of their users. It’s also impossible for a guarantee to be made that innocent users wouldn’t be affected by the malware, assuming their claims about it being a DRM scheme are true.
And frankly, it’s not really a DRM scheme as much as it is a mechanism for the illegal identification of users, or doxing.
In order to assuage justifiably angry consumers, FSL issued another statement:
I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs.
While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.
I want to thank you all for voicing your concerns in a considerate manner on our forums and elsewhere. We do listen to our customers because without you, there would be no FlightSimLabs.
What do you think of this kind of behavior? Are their justifications valid? The company has since published a new version of the installer that doesn’t include the password-stealing code, but it’s safe to say their reputation is shot for many former fans.