Flight sim DLC maker used malware to steal pirates' passwords

By Shawn Knight · 18 replies
Feb 19, 2018
  1. It’s not uncommon for developers to have a bit of fun with those who download pirated copies of their games.

    In 2013, for example, Greenheart Games released a “cracked” version of Game Dev Tycoon featuring an in-game punishment that made it impossible to progress beyond a certain point. Maxis did something similar a year later with The Sims 4. Others simply concede that piracy is inevitable and upload their games to torrent sites before pirates have the opportunity to do so.

    One developer, however, may be taking anti-piracy measures a bit too far.

    As Motherboard highlights, a Reddit user recently noticed something fishy with an installer for an add-on for Microsoft Flight Simulator. The piece of software in question, DLC from Flight Sim Labs, Ltd. (FSLabs, for short), reportedly included a file called “test.exe” which apparently extracts all saved usernames and passwords from Chrome and seemingly sends them to FSLabs.

    (Screenshot of password stealer courtesy Fidus Information Security)

    Andrew Mabbitt, founder of cybersecurity company Fidus Information Security, verified to Motherboard that the malicious software is indeed included in FSLabs’ installer. Mabbitt described it as “by far one of the most extreme, and bizarre, methods of Digital Rights Management (DRM) we’ve ever seen.”

    Lefteris Kalamaras, founder and owner of FSLabs, had the following to say in a forum post:

    1) First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

    2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

    3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

    As Mabbitt points out, the malware file itself is “dropped on every single PC it [the FSLabs software] was installed on.” Kalamaras doesn’t seem to deny this.

    In a follow-up post, Kalamaras said they realize that “a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.”

    Motherboard notes that FSLabs has not yet responded to questions regarding what they do with information obtained by the password-stealing malware. In Kalamaras’s original post (above), it is noted that “this method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals.”

    Lead image via Flight Sims Labs Ltd


     
  2. gusticles41

    gusticles41 TS Guru Posts: 288   +290

    This guy kept insisting that only pirates are affected.

    That's not the important question. It's "WHAT ARE YOU DOING WITH STOLEN PASSWORDS?"
     
    senketsu, Jamlad, KentS and 3 others like this.
  3. robb213

    robb213 TS Maniac Posts: 339   +105

    One illegal action begets another illegal action. I don't see the ends justifying the means here.
     
    KentS and psycros like this.
  4. Camikazi

    Camikazi TS Evangelist Posts: 966   +313

    One hop, skip and jump later and hackers are making this program go off on ALL computers it is installed on and making it go to their server.
     
    KentS and psycros like this.
  5. m4a4

    m4a4 TS Evangelist Posts: 1,121   +654

    Joke's on them, I don't use Chrome :p
     
  6. Uncle Al

    Uncle Al TS Evangelist Posts: 4,164   +2,637

    Only the strong survive .......
     
  7. wiyosaya

    wiyosaya TS Evangelist Posts: 2,849   +1,393

    Given that the methods used to obtain this data are just as illegal as pirating, I have to wonder whether any of this could be admissible in a court case.
     
    KentS, psycros and treetops like this.
  8. hood6558

    hood6558 TS Evangelist Posts: 352   +109

    This seems excessive, and the punishment could be worse than the crime (pirate a $30 game and have your identity stolen, maybe bank account drained). Or worse, the victim may not even know his copy is pirated (a "friend" telling him he can use "my" serial number to play the game, then loading the pirated copy on the unsuspecting guy's PC). In his case, he's only guilty of stupidity, or being too trusting, but still gets his passwords stolen.
     
    KentS and psycros like this.
  9. psycros

    psycros TS Evangelist Posts: 2,181   +1,714

    The answer is yes. If someone steals your favorite lawn gnome you can't retaliate by stealing their birdbath and then expect the cops to be OK with that.
     
    KentS likes this.
  10. Daithi

    Daithi TS Booster Posts: 83   +95

    “this method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals.”

    Yeah, good luck with that.
     
    KentS likes this.
  11. KentS

    KentS TS Rookie

    "We all realize that you put a lot of trust in our products and this would be contrary to what we believe"
    Actually sweetheart, your action proves that you have a complete lack of understanding - Zero. Good to know that you found a new method of income by dumping malware on your customer. FSLabs, you just lost a paying customer. I hope it was worth ruining your reputation...

    I heard that Linux is working on sandboxing software and games so that they won't have access to the whole system, maybe now is the time for me to fully switch to Linux to prevent **criminals** such as FSLabs from potentially installing malware. Yes FSLabs, you are criminals, and even worse criminals than those who supposedly motivated you. From now on, you're blacklisted from my wallet.
     
  12. Forebode

    Forebode TS Booster Posts: 171   +38

    Well, guilty of being stupid and stealing a product. Stupidity isn't a good defense. If you're speeding because someone else is speeding on a road you don't know the speed.. You're still speeding. //that said, I don't condone a key-logger.
     
  13. Forebode

    Forebode TS Booster Posts: 171   +38

    It's essentially a sting operation, what the developers fail to realize is that they aren't an authority. Instead they're releasing malware. They have every right to release a broken clone of their game that is meant to give pirates a bad time.. in the game. The second it's laced with anything malicious...

    Here's the other problem. Not everyone is up on the news. What if the installer is stripped of the key-logger/sender and instead, another virus/rat/whatever is implemented? Devs just gave a loophole for other types of attacks.
     
  14. stewi0001

    stewi0001 TS Evangelist Posts: 1,906   +1,287

    Remember when Garry's Mod would produce an error for pirated copies? Good times...
     
  15. alabama man

    alabama man TS Guru Posts: 517   +316

    Not saying they did it right but something that bricked your gpu or cpu if you pirated a game would be kind of cool. I don't know how they could do it with 100% accuracy but if they could I would be down with it. With current devs it would only affect paying customers and be horrible but if it was made by CD project red or some similar entity it could be done correctly, just keep ubisoft far away from it. It's not like they can guarantee what an unofficial version of their game does to your hardware and I would see it legally more sound than stealing passwords.
     
  16. Camikazi

    Camikazi TS Evangelist Posts: 966   +313

    Even trying that would bankrupt the company overnight, you can very easily prove what the software did and pirated or not them bricking ANYTHING that isn't theirs would end in lawsuits from every direction. Remember, "bricking" something like a GPU or other hardware requires screwing with firmware and that is not easy to do and get away with.
     
  17. Brant

    Brant TS Rookie

    Interesting claims by the company. First they claim they are within rights to break Federal Computer and Fraud laws, and then claim the omnipotence that the software would only and always be used on a computer that the pirate owns.


    This is insane. This should amount to criminal charges with very long prison sentences.
     
  18. roberthi

    roberthi TS Addict Posts: 324   +83

    LOL! Good luck with the "legal" battles. You're using the same logic as, well he stole my car, so I stole his bicycle. Guess what? You're not going to win this in court.
     
  19. MUMMZ

    MUMMZ TS Enthusiast Posts: 43   +8

    Fighting fire with fire...really???...We need more of this legalized in the digital world. We need cyber criminals punished for their online crimes...
     
