Flight Simulator Lab is caught secretly installing a software which steals Chrome passwords from the browser while checking if the user has installed a pirated copy of their software.
Over the years there have been many DRM (Digital rights management) schemes, some of which were quite intriguing but not as much as this one that we are now going to reveal to you. As per the findings of Reddit user Crankyrecursion, the studio specializing in the development of flight simulator’ custom add-ons, FlightSimLabs or FSLaba, is involved in the secret installation of a program to assess if the user is running a pirated version of their software. This program is installed on user’s computers and happens to be a Chrome Password Dump tool. Crankyrecursion revealed his findings on February 18th.
As per a report on TorrentFreak, the program is designed to initiate a procedure that allowed FlightSimLabs to steal usernames and passwords from the web browsers of unsuspecting computer users. Indeed it is an excellent DRM scheme since the code is built-in to the FSLabs’ A320-X, which is an expansion for Microsoft Flight Simulator X.
It is rather ironic that instead of challenging the findings or denying it categorically, FlightSlimLabs’ boss Lefteris Kalamaras admitted that the code is there but it has been designed to be used on pirated versions of their software only. So, this means it is not a technical glitch or vulnerability but the software is meant to be there.
User Luke Gorman proved after breaking-down the Text.exe that anyone paying for FSLabs’ A320 module will be having this program installed on the computers without their consent or knowledge. Since the program can steal passwords, therefore, it can be termed as malware. The program not only asks the user to disable anti-virus while it is being installed but also is unable to protect their passwords.
Kalamaras has denied that the tool performs indiscriminate dumping of Chrome passwords. He added that: “there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products.” Basically, the software is there to notify the firm whenever the expansion is installed through pirated serial numbers. Kalamaras also noted that ‘Test.exe’ is a part of the DRM; its main targets are pirated versions of copyrighted software that are illegally obtained. The software is extracted temporarily only and is not used on legal copied of their product.
A cyber-security firm Fidus Information Security also approved the assessment and stated that although the company provided detailed information about their product there is no mentioning of the password dumping tool or text.exe.
“We can conclude the password dumping tool (test.exe) is only called when a fraudulent serial is used,” wrote Fidus.
However, Fidus has questioned about the protection of stored data and the reason behind transferring of the data over HTTP when it is encoded with B64 and whether it is legally allowed for a firm to do something like this. According to the founder of Fidus, Andrew Mabbit, the presence of malware as a password dumper in a trusted installed just to combat piracy is nothing short of “insanity.”
“When run, the program extracts all saved usernames and passwords from the Chrome browser and appears to send them to FSLabs. This is by far one of the most extreme, and bizarre, methods of Digital Rights Management (DRM) we’ve ever seen,” stated Mabbit while speaking with Motherboard.
Being wary of the criticism the company received after the revelation of the presence of password dumping tool, FSLabs released an update installer minus the malware on February 19th followed by a fresh statement from Kalamaras that read:
“While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.”
The statement also contained another apology from FSLabs: “We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!”
![The leaked database was discovered on Shodan on May 14th.[wp_ad_camp_1][hlink][/hlink]A huge online database containing private contact information including phone numbers and email IDs of roughly 50 million Instagram profiles including those of influencers and brands has reportedly been discovered by security researcher Anurag Sen. The affected individuals include famous food bloggers and celebrities too apart from social media influencers. This database, which belongs to Chtrbox reportedly contains 49 million records was hosted on AWS (Amazon Web Services) and got exposed because it wasn’t protected with a password. Chtrbox is a Mumbai-based marketing firm that connects social media influencers to brands looking to market their products.See: Facebook: Storing Instagram passwords in plain text & harvesting your emailsEvery single record in the exposed database contains data belonging to social media influencers’ accounts and in some cases, even the account location is also mentioned. Each account has different worth depending on the number of followers, reachability, and engagement on the platform.[wp_ad_camp_1][hlink][/hlink]Zack Whittaker of TechCrunch contacted Chtrbox to inform about the exposed database, and it was eventually removed. It must be noted that Anurag claimed to discover the exposed database on Shodan on May 14th but in a statement issued by Chtrbox stated that the database was only exposed for 72 hours and contained no personal data.Whittaker also tweeted on Chtrbox's statement and called it "inaccurate."On the other hand, the Instagram spokesperson stated that they are figuring out the issue in order to understand whether the data actually is of Instagram accounts or of other sources."We're also inquiring with Chtrbox to understand where this data came from and how it became publicly available," the spokesperson told TechCrunch.[wp_ad_camp_1][hlink][/hlink]Whittaker claims that the information in the database must have been scraped from various publicly available social media accounts as it also included data such as the cost of a particular post and number of likes, etc. Moreover, some of the influencers claim that they aren’t associated with Chtrbox.See: Russian Hackers Control Malware via Britney Spears Instagram PostsFacebook, which owns Instagram, told TechCrunch that it is reviewing the matter. It is worth noting that Instagram doesn’t allow account scraping while Chtrbox claims that its client base boasts of over 184,000 Instagram influencers. This number is much less than the number of records found in the exposed database.Previously, hackers were found compromising and holding several Instagram influencers accounts for ransom - In the other case, personal data of top celebrities on Instagram was stolen and traded online while several dark web marketplaces were also seen selling Instagram data of 6 million celebrities.Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.](https://www.hackread.com/wp-content/uploads/2019/05/database-with-millions-of-instagram-influencers-leaked-online-1.jpg)
