Studio Accused Of Installing Malware On Customer’s PCs

Studio Accused Of Installing Malware On Customer’s PCs
To sign up for our daily newsletter covering the latest news, features and reviews, head HERE. For a running feed of all our stories, follow us on Twitter HERE. Or you can bookmark the Kotaku Australia homepage to visit whenever you need a news fix.

FlightSimLabs, a studio that specialises in custom add-ons for other company’s flight sims, has been found to be secretly installing a program onto user’s computers designed to check whether they’re playing a pirated copy of their software.

The code – basically a Chrome password dumping tool – was discovered by Reddit user crankyrecursion on February 19, and as TorrentFreak report was designed to trigger “a process through which the company stole usernames and passwords from users’ web browsers.”

Rather than deny or challenge the discovery, FlightSimLabs boss Lefteris Kalamaras wrote on the company’s forums that yes, the code is in there, but it’s only designed to be used on pirated copies of their software (emphasis his).

I’d like to shed some light on what is actually going on.

1) First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realise that you put a lot of trust in our products and this would be contrary to what we believe.

2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us.

“Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.

As this breakdown of “test.exe” by user Luke Gorman shows, that is hardly reassuring for customers.

Anyone paying for FlightSimLabs’ A320 module has had a program installed on their computers, without their knowledge, and which is capable of stealing their Chrome passwords. Not only does the A320 installer request that customers turn off their antivirus during installation, but the only protection they have against the program stealing their passwords (or being exploited by a third party) is FlightSimLabs’ word.

In response to the outcry, FlightSimLabs posted an updated version of the A320 module on February 19, this time without the malware present.

Hello all,

I would like to further address some of the controversy that has taken place this evening.

I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs.

While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realise that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.

I want to thank you all for voicing your concerns in a considerate manner on our forums and elsewhere. We do listen to our customers because without you, there would be no FlightSimLabs.


  • “In our next version we will also have one of our employees come and sit in your room while you play. For our legitimate customers they will just sit there and not do anything to you, or your room but if you are using a pirated version then they will trash your room and steal your private belongings. This will also be the case if they suspect you of pirating or hacking, or they accidentally make a mistake, or we decide that we don’t like you. But remember, our community and fans are important to us.”

    • I like this part myself:

      I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs.

      They’d never knowingly violate the trust, but naively violating it seems to be OK… How can they not see that merely installing stealth software would be seen as a breach of privacy, or in their terms, a ‘violation of trust’ to their customers?

      By design the software is spying on their customers as well as pirates. Its the whole purpose of it. Then, when it detects a target, goes further, and mines other personal data that has nothing to do with their product.

  • Using illegal activity to catch people doing things illegally isn’t ok.

    If it was then the police would run rampant all over anyone they thought might have caused a crime at some point that they’re investigating, and warrants wouldn’t exist.

  • Instead, why didn’t they spend the hours/money on making their game less piratable, rather than “Lets spy on everyone, equally”

  • Presumably any use of credentials skimmed from pirates would itself be illegal. If they tried to log in to the pirate’s web mail to find out who they were, that would be unauthorised access to a computer system.

  • Right.

    They do realise by hiding a keylogger in their software those pirates they are trying to catch can turn around and sue them?

Show more comments

Comments are closed.

Log in to comment on this story!