A few months ago, a Reddit user by the name of crankyrecursion noticed that the A320 addon from FlightSimLabs contained a file called "test.exe." This file turned out to be used to extract a user's passwords from Google Chrome if a pirated key was used, and send those passwords back to FlightSimLabs. FlightSimLabs claimed that the file did not steal information from paying customers, and that the file was only "activated" if a pirated serial number was used.
As shady as that is, it is not the end. FlightSimLabs removed "test.exe" from the addon's installer after backlash from the community; however, a new shady file called "cmdhost.exe" has been found. This file inserts itself into the Windows system and syswow directories. Deleting or not installing "cmdhost.exe" will cause your game to not run. A user submitted this file to HitmanPro, an anti-malware program, where it was found to be a "hollow process." Ronny from HitmanPro support states:
This is a trick that this game is playing, process hollowing is like you start a legit program, you 'freeze' it, remove the original code from memory, dump your own code and then 'unfreeze' it.
This way you could have a look at your processes running and it would show notepad.exe while in reality it was another.exe, no way to see the difference.
Shortly after, FlightSimLabs called the allegations "slander" and began threatening lawsuits against websites, the moderators of /r/FlightSim, and some Reddit users themselves. The /r/flightsim mod team went on to post their response, as well as the original messages with FlightSimLabs. The video below goes into the lawsuit portion very well.
This still is not the end. Earlier this month, the FlightSimLabs website was hacked by someone calling themselves "RandomRedditor." The hacker changed the webpage, posting the usernames and passwords of FlightSimLabs employees, and included a letter with an ultimatum.
Making a public apology for your wrongdoings, with no blame apportioned elsewhere or PR spin, would go a long way in to making sure the copy of product serial numbers along with associated customer data gets destroyed.
FlightSimLabs released a statement about the attack, stating that they were still investigating it and claiming that only "limited access was gained."
Thanks to [H]ardForum member noclevername for turning me on to this story, what a rabbit hole it turned out to be, and I have a feeling it may not be over yet. Sad to see such a thing happen to what is already a very niche community in hardcore flight sim.