FlightSimLabs’ A320 expansion pack includes bundled in password-stealing malware as a form of DRM.
The controversy came to light when a user on Reddit reported that FSLabs’ A320 installer had the file 'FSLabs_A320X_P3D_v220.127.116.11.exe', inside which there’s another application simply dubbed ‘test.exe’. This second executable is, in fact, a ‘Chrome Password Dump’ tool, accessing the web browser’s stored passwords and dumping them to a text file. Yep, you heard that right, a developer bundled in malware into its own game in order to combat piracy.
Understandably, flight sim fans weren’t too pleased with this and FSLabs quickly responded, saying “‘Test.exe’ is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally.” More specifically, the malware targets specific serial numbers that have been identified as pirate copies currently being shared on torrent sites. If the serial number used lines up with FSLabs’ list of pirated keys, the installer then runs ‘Test.exe’ and dumps the Chrome passwords and displays them in a readable format. According to information security specialists Fidus, this text file is then encoded with Base64.exe then sent over an unsecured HTTP connection.
As the malware apparently only targets pirates, FSLabs suggest that these tools will not “reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.”
It's not difficult to come to the conclusion that this is an absolutely insane way of doing things. The very fact it’s covert means it doesn’t act as a deterrent to piracy itself, and what exactly does FSLabs into to do with the information it has harvested? They then proceed to attempt to shift the entire blame onto the Reddit user who brought it to light, claiming “The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).”
Since the malware came to light yesterday, FlightSimLabs has issued a more extensive policy and updated the installer so it doesn’t include the “DRM check file”. In a statement, the FSL team said it wants “to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs.
“While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part.”
On the one hand I’m perfectly fine with developers messing with pirates, but password stealing is on another level entirely for a legitimate business. Not to mention that this malware was in the installer for legitimate users, it just wasn’t being utilised if they had a verified CD key.
What are your thoughts on this, is this a step too far for DRM? Was it right to bundle it in for legitimate users, even if the malware was benign? Let us know what you think!