
Developer found hiding malware in game as anti-piracy tactic


Company issues mea culpa after user reports stolen passwords


A developer admitted to targeting illegal users of its game by embedding malware in a piece of downloadable content — malware that enabled the company to access certain users’ personal data as a hedge against piracy.

Flight Sim Labs, which develops add-ons for the long-running Microsoft Flight Simulator series, as well as professional flight trainers used by military and commercial aviators, took to its forum to both apologize for and explain why it included intrusive DRM within its software, following a Reddit report from a user whose personal data had been compromised.

“I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs,” wrote company founder Lefteris Kalamaras in a lengthy post.

“While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part.”

This includes one Redditor who said that, after installing an add-on that modeled the Airbus A320, their bank found fraudulent charges on their account. This dates back to three months ago, when a user’s credit card details were stolen after purchasing the content.

“It might just all be a coincidence, but please check your statement just in case,” wrote big-eye101 on the /flightsim subreddit in November, after their bank alerted them to a false charge on their card. “Again, don’t panic, but please do check your statements this month, especially if you have bought the (really awesome and lovely) plane recently.”

This week, user crankyrecursion corroborated big-eye101’s speculation, after discovering a tool called “Chrome Password Dump” hidden inside of the A320 installer. The software extracts all of the affected users’ personal information that’s stored in the Chrome browser, which can include passwords, billing information and other data. The subsequent Reddit thread about the hidden file set off both players of the game and Redditors in general who were disturbed by the idea that malware could be secretly baked into a download as a way to gather data on pirates.

Kalamaras at first verified crankyrecursion’s discovery of the password-stealing tool, but argued that it was a “specific method used against specific serial numbers that have been identified as pirate copies.”

“This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals,” Kalamaras wrote.

Redditors quickly dismissed the notion that this constituted a fair anti-piracy practice, instead firing back that the intentional distribution of malware is an illegal activity.

“For those legitimate users who say they have nothing to hide or worry about. You should be extremely worried,” wrote another user, who said they work as an information security architect. “This company has done something very unethical and illegal. When they were caught doing it, they denied it initially, then they said they did it to fight piracy and, Oh, trust them, they don’t execute it on legitimate customers. The issue with that is they already ruined that trust by putting malware on your system.”

The ensuing concerns prompted Kalamaras’ later, apologetic response, in which he detailed how the installer worked, while offering refunds and releasing an updated version of the DLC to all users. Although Flight Sim Labs maintains that it did not keep or share any extracted personal information, its founder admitted that its attempts at warding off pirates may have been a breach of trust for all customers.

“This was not our intention and we take full responsibility,” he wrote. “What we now understand to have been an overly heavy-handed approach to our DRM installer efforts also meant that our support team strictly followed the instruction guidelines without being aware of the inclusion of DRM tools in any of our installers.”