SoylentNews
SoylentNews is people
https://soylentnews.org/

"Arthur T Knackerbracket" has found the following story:

The usually staid world of professional-grade flight simulations was rocked by controversy over the weekend, with fans accusing mod developer FlightSimLabs (FSLabs) of distributing "malware" with an add-on package for Lockheed Martin's popular Prepar3d simulation. The developer insists the hidden package was intended as an anti-piracy tool but has removed what it now acknowledges was a "heavy-handed" response to the threat of people stealing its add-on.

The controversy started Sunday when Reddit user crankyrecursion noticed that FSLabs' Airbus A320-X add-on package was setting off his antivirus scanner. FSLabs had already recommended users turn off their antivirus protection when installing the add-on, so this wasn't an isolated issue.

The reason for the warning, as crankyrecursion found, was that the installer seemed to be extracting a "test.exe" file that matched a "Chrome Password Dump" tool that can be found online. As the name implies, that tool appears to extract passwords saved in the Chrome Web browser—not something you'd expect to find in a flight-sim add-on. The fact that the installer necessarily needs to run with enhanced permissions increased the security threat from the "Password Dump."

[...] In a later update, Kalamaras acknowledges that some users were uncomfortable with "this particular method which might be considered to be a bit heavy-handed on our part." The company promptly released a new installer without the test.exe code included.

Fnord666 writes:

FlightSimLabs, a studio that specialises in custom add-ons for other company's flight sims, has been found to be secretly installing a program onto user's computers designed to check whether they're playing a pirated copy of their software.

The code—basically a Chrome password dumping tool— was discovered by Reddit user crankyrecursion on February 18, and as TorrentFreak report was designed to trigger "a process through which the company stole usernames and passwords from users' web browsers."

Rather than deny or challenge the discovery, FlightSimLabs boss Lefteris Kalamaras wrote on the company's forums that yes, the code is in there, but it's only designed to be used on pirated copies of their software (emphasis his).

Source: Kotaku

Original Submission

1. "following story" - https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/
2. "Lockheed Martin's popular Prepar3d simulation" - https://www.prepar3d.com/
3. "noticed" - https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/dugls12/
4. "Airbus A320-X add-on package" - http://www.flightsimlabs.com/index.php/a3xx-master-series-a320-3/
5. "recommended users turn off their antivirus protection" - https://forums.flightsimlabs.com/index.php?/topic/16142-antivirus-exclusions/
6. "as crankyrecursion found" - https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/
7. "Fnord666" - https://soylentnews.org/~Fnord666/
8. "crankyrecursion" - https://www.reddit.com/user/crankyrecursion
9. "TorrentFreak report" - https://torrentfreak.com/flight-sim-company-embeds-malware-to-steal-pirates-passwords-180219/
10. "wrote on the company's forums" - https://forums.flightsimlabs.com/index.php?/announcement/10-a320-x-drm-clarification/
11. "Kotaku" - https://kotaku.com/studio-accused-of-installing-malware-on-customers-pcs-1823141718
12. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=24946

printed from SoylentNews, Flight-Sim Devs Say Hidden Password-Dump Tool Was Used To Fight Pirates on 2024-04-20 05:48:14