When is it acceptable to install a piece of malware on someone else’s PC? The answer to that question has always been and always will be “never.” But Flight Sim Labs (FSL) decided that malware was a good solution to piracy, and so shipped some with its products and classed it as DRM.
FSL is a company specializing in offering add-on products and services for flight simulators including Microsoft Flight Simulator and Enterprise Simulator Platform, which is used for training purposes in government and commercial settings. The company now has a bit of a trust problem, though.
Yesterday, Reddit user crankyrecursion discovered that one of FSL’s add-ons for the A320 airliner included a file called test.exe. Further investigation revealed the executable to be a “Chrome password dump tool” and therefore malware.
As TorrentFreak explains, the dump tool extracts usernames and passwords from Google Chrome on an infected machine. Worse than that, though, is the fact FSL’s founder and owner, Lefteris Kalamaras confirmed this was done on purpose in a bid to catch pirates.
Kalamaras explains in a forum post that the tool is included with its software, but that “there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products.” Instead, the malware is only activated when “specific serial numbers that have been identified as pirate copies” are detected. At that point, the malware is used to extract login details, gather information, and potentially use it for legal action.
Kalamaras finishes his post by saying, “We will be happy to provide further information to ensure that no customer feels threatened by our security measures – we assure you that there is nothing in our products that would ever damage the trust you have placed in our company by being our customer.” A more detailed post has also appeared on the FSL forums by Kalamaras explaining exactly how and when the dumping tool is used. Software developer Luke Gorman also produced a detailed breakdown of what the malware is and does.
I think we are well beyond customer’s feeling threatened. FSL is purposefully shipping a form of malware with their products people are paying for. The dump tool may be inactive, but at the first sign of piracy, a user’s security can be compromised, their personal details collected, and the information sent to a third-party without permission. Legal action may then follow.
It seems likely now that FSL could face some legal action of its own. Fighting piracy is all well and good, but using malware to do so is not. As a “sign of good faith” the company is offering to consider refunds for those who want them. A new installer has also been released without the malware attached.