[BreachExchange] FlightSimLabs admits to installing malware on users’ PCs

Destry Winant destry at riskbasedsecurity.com
Wed Feb 21 18:25:41 EST 2018


http://www.gameguru.in/general/2018/21/flightsimlabs-admits-installing-malware-users-pcs/

If you’re one of those folks who indulge in flight simulation programs
now and then, you’ve probably heard of FlightSimLabs (FSL). The studio
makes add-ons for third-party flight sims. Well, they’ve just been
caught installing malware on customers’ PCs. Amidst pressure from all
quarters to come clean, the company has issued an apology of sorts and
updated the installer in question.

They’ve clarified that the DRM check file embedded in their A320-X
module was only intended to hit those who used pirated versions of it.
The add-on included a program which was being installed stealthily on
users’ computers. It was designed to potentially steal passwords from
Chrome’s cache. If that’s not malware, what is? While acknowledging
the issue, the studio has also gone to a great extent to defend
itself.

But the admission of guilt is hardly enough and it feels like FSL
could have a legal wrangle in its hands if legitimate customers
consider pursuing the matter in court. CEO Lefteris Kalamaras, has
taken great pains to point out that the Reddit thread which started
the conversation, was posted by someone who downloaded the installer
without purchasing it; as if it justifies FSL’s ham-fisted approach to
anti-piracy.

The password-stealing tool was built to harvest a user’s private
information if it detected certain combinations of usernames, email
addresses and serial numbers previously identified to be associated
with piracy. This stolen data would then be sent to FSL to fight their
‘ongoing legal battles against such criminals’. Mistyped or unknown
serial numbers would apparently not trigger the DRM tool.

There’s no explanation as to why FSL went to great lengths to plant
such a shady (and possibly illegal) code in their A320-X module,
instead of just banning the serial numbers that were known to be
spurious. While the company is assuring users that the DRM checker
gets automatically booted out of the system once the sim’s setup and
registration process is over, many are understandably alarmed.

FSL’s forum is currently being updated with demands for refunds by
disenchanted customers. Imagine paying upwards of $99 for a program
that deliberately installs malware on your PC!


More information about the BreachExchange mailing list