Flight Sim Lab installed Chrome passwords stealer in piracy check tool

Flight Simulator Lab is caught secretly installing a software which steals Chrome passwords from the browser while checking if the user has installed a pirated copy of their software.

Over the years there have been many DRM (Digital rights management) schemes, some of which were quite intriguing but not as much as this one that we are now going to reveal to you. As per the findings of Reddit user Crankyrecursion, the studio specializing in the development of flight simulator’ custom add-ons, FlightSimLabs or FSLaba, is involved in the secret installation of a program to assess if the user is running a pirated version of their software. This program is installed on user’s computers and happens to be a Chrome Password Dump tool. Crankyrecursion revealed his findings on February 18th.

As per a report on TorrentFreak, the program is designed to initiate a procedure that allowed FlightSimLabs to steal usernames and passwords from the web browsers of unsuspecting computer users. Indeed it is an excellent DRM scheme since the code is built-in to the FSLabs’ A320-X, which is an expansion for Microsoft Flight Simulator X.

It is rather ironic that instead of challenging the findings or denying it categorically, FlightSlimLabs’ boss Lefteris Kalamaras admitted that the code is there but it has been designed to be used on pirated versions of their software only. So, this means it is not a technical glitch or vulnerability but the software is meant to be there.

Flight Simulator Lab installed Chrome password stealer in piracy check tool
Software stealing passwords from Chrome browser

User Luke Gorman proved after breaking-down the Text.exe that anyone paying for FSLabs’ A320 module will be having this program installed on the computers without their consent or knowledge. Since the program can steal passwords, therefore, it can be termed as malware. The program not only asks the user to disable anti-virus while it is being installed but also is unable to protect their passwords.

Kalamaras has denied that the tool performs indiscriminate dumping of Chrome passwords. He added that: “there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products.” Basically, the software is there to notify the firm whenever the expansion is installed through pirated serial numbers. Kalamaras also noted that ‘Test.exe’ is a part of the DRM; its main targets are pirated versions of copyrighted software that are illegally obtained. The software is extracted temporarily only and is not used on legal copied of their product.

A cyber-security firm Fidus Information Security also approved the assessment and stated that although the company provided detailed information about their product there is no mentioning of the password dumping tool or text.exe.

“We can conclude the password dumping tool (test.exe) is only called when a fraudulent serial is used,” wrote Fidus.

However, Fidus has questioned about the protection of stored data and the reason behind transferring of the data over HTTP when it is encoded with B64 and whether it is legally allowed for a firm to do something like this. According to the founder of Fidus, Andrew Mabbit, the presence of malware as a password dumper in a trusted installed just to combat piracy is nothing short of “insanity.”

“When run, the program extracts all saved usernames and passwords from the Chrome browser and appears to send them to FSLabs. This is by far one of the most extreme, and bizarre, methods of Digital Rights Management (DRM) we’ve ever seen,” stated Mabbit while speaking with Motherboard.

Being wary of the criticism the company received after the revelation of the presence of password dumping tool, FSLabs released an update installer minus the malware on February 19th followed by a fresh statement from Kalamaras that read:

“While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.”

The statement also contained another apology from FSLabs: “We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!”

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.