Mod developer FlightSimLabs (FSLabs) has insisted the questioned component on its A320X flight simulator add-on was designed to combat software piracy and not to secretly swipe passwords.
FSLabs creates expansions for the Microsoft Flight Simulator that is a favorite among potential or student pilots. One user, though, recently discovered that the A320X add-on was implanted with a malware, supposedly to collect information from FSLabs customers.
According to Reddit user crankyrecursion, installer FSLabs_A320X_P3D_v188.8.131.52.exe seemed loaded with a "test.exe" file that is quite similar with a Chrome Password Dump tool, which is freely available on the internet. The same user expressed alarm that since the add-on requires administration rights to effectively run on a PC system, there potentially exists a serious security threat.
It bears mentioning that FSLabs provides trusted installers, and crankyrecursion wondered how it was possible a legitimate product was laced with a malware that was programed to extract passwords from unsuspecting users.
Malicious File Confirmed
As expected, the Reddit post quickly stirred controversy, and the suspicion raised by crankyrecursion was confirmed by cybersecurity firm Fidus Information Security. Andrew Mabbitt, founder of the company, told Motherboard that repeated scans of the A320X add-on installer revealed the existence of the suspect file and that it actually functions to steal login details and passwords from users on Google Chrome.
"When run, the program extracts all saved usernames and passwords from the Chrome browser and appears to send them to FSLabs. This is by far one of the most extreme, and bizarre, methods of Digital Rights Management (DRM) we've ever seen," Mabbitt explained.
He added there is no valid excuse for FSLabs' actions, insisting the decision to deploy malwares on legitimate software even to fend off piracy attempts "is absolute insanity."
FSLabs Admits Heavy-Handed Tactic
In response to the rising criticisms, FSLabs chief Lefteris Kalamaras issued a statement on the company's forum site and admitted fault was on their end. The executive recognized that the use of hidden package slighted many, and they "humbly apologize." To make amends, the original installer has been pulled out from the server.
"We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future," Kalamaras wrote in his post.
He further made clear that the DRM method employed was solely to ensnare an identified pirate, and there was no intention to inconvenience the general users of FSLabs' flight simulator add-ons. The tactic, though, by FSLabs to fight off piracy was characterized as an "extreme countermeasure" that even key players in the PC gaming industry, where piracy is widespread, have yet to practice.