FSLabs has been deep in controversy this week. Piracy is a common issue for games and software developers. There are different ways of handling it, but the maker of one piece of flight simulator software recently took a controversial approach: infecting pirates with malware intended to steal their Chrome passwords. Flight Sim Labs (FSLabs) infected all users of its A320-X add-on with malware, saying it was an acceptable anti-piracy technique because it would only steal the passwords of users who were pirates. Questions have been swirling about whether the approach is even legal.
The issue came to attention on Reddit last weekend after one user complained that the $100 add-on, intended to be used with Microsoft Flight Simulator X and Prepar3D 3.0, included “test.exe” – a tool made by the company Security Xploded, which is essentially a Chrome password dump tool. Software Luke Gorman quickly verified this, followed by a malware analysis by Fidus Information Security.
Andrew Mabbitt, founder of Fidus, who told Vice’s Motherboard about the issue, described it as “absolute insanity”. He verified that the “test.exe” file was indeed included in FSLabs’ installer. Furthermore, he pointed to a scan of the file on VirusTotal, which showed a range of anti-virus products deeming the file malicious.
“When run, the program extracts all saved usernames and passwords from the Chrome browser and appears to send them to FSLabs. This is by far one of the most extreme, and bizarre, methods of Digital Rights Management (DRM) we’ve ever seen,” Mabbitt said.
This led to two posts by Lefteris Kalamaras, founder and owner of FSLabs, explaining why the company had acted this way. He first stated that the tools were not used on any customer who had “legitimately purchased our products”, and were being used specifically against serial numbers that had been identified as pirate copies.
Kalamaras also stated that the company had been going after a particular game pirate with the bundled software. He explained, “We found through the IP addresses tracked that the particular cracker had used Chrome to contact our servers so we decided to capture his information directly – and ONLY his information (obviously, we understand now that people got very upset about this – we’re very sorry once again!) as we had a very good idea of what serial number the cracker used in his efforts.”
Following further outcry, the company posted an update, stating this particular method “might be considered to be a bit heavy handed on our part”, and relayed the news that it had released an updated installer that doesn’t include the password stealer.