$100 DLC Comes With Password Stealing Malware for DRM

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,943
A few months ago, a Reddit user by the name of crankyrecursion noticed that the A320 addon from FlightSimLabs contained a file called "test.exe." This file turned out to be used to extract a users passwords from Google Chrome if a pirated key was used, and send your passwords back to FlightSimLabs. FlightSimLabs claimed that the file did not steal information from a paying customer, and the file was only "activated" if a pirated serial number was used.

As shady as that is, it is not the end. FlightSimLabs removed the "test.exe" from the addon's installer after backlash from the community, however a new shady file has been found called "cmdhost.exe." This file inserts itself into the windows system, and syswow directories. Deleting or not installing the "cmdhost.exe" will cause your game to not run. A user submitted this file to HitmanPro, an anti-malware program, where it was found to be a "hollow process." Ronny from HitmanPro support states.

This is a trick that this game is playing, process hollowing is like you start a legit program, you 'freeze' it, remove the original code from memory, dump your own code and then 'unfreeze' it.
This way you could have a look at your processes running and it would show notepad.exe while in reality it was another.exe no way to see the difference.


Shortly after FlightSimLabs called the allegations "slander" and began threatening lawsuits to websites, the moderators of /r/FlightSim, as well as some Reddit users themselves. The /r/flightsim mod team went on to post their response, as well as the original messages with FlightSimLabs. The video below goes into the lawsuit portion very well.

This still is not the end. earlier this month the FlightSimLabs website was hacked by someone calling themselves "RandomRedditor." The hacker changed the webpage posting the usernames and passwords for FlightSimLabs employees, and included a letter with an ultimatum.

Making a public apology for your wrongdoings, with no blame apportioned elsewhere or PR spin, would go a long way in to making sure the copy of product serial numbers along with associated customer data gets destroyed.

FlightSimLabs released a statement about the attack, stating that they were still investigating the attack, and claim that only "limited access was gained."

Thanks to [H]ardForm member noclevername for turning me on to this story, what a rabbit hole it turned out to be, and I have a feeling it may not be over yet. Sad to see such a thing haen to what is already a very niche community in hardcore flight sim.
 
OH its gets better too a month later they had ANOTHER file called conhost.exe in the same aircraft model that INSTALLED THE WINDOWS SYSTEM FOLDER WITH ADMIN RIGHTS!
Did they hack windows or did the USER install the model with admin rights?
 
This is exactly why you:

A) Shouldn't store passwords in the browser. The local database they go into is easily accessed. If I recall with regards to Chrome, it only encrypts them with the encryption key you assign on transmission to the cloud (if sync is on), the local copies are stored unencrypted.

B) Willynilly give approval for admin rights.


Heck, I sandbox a lot of programs just because of crap like this. If I don't think you're a trustworthy dev, your stuff goes in a sandbox.
 
as you have heard, there's a place called the Dark Web but truth be told, pretty much most of the Web is dark one way or another (which likely is why it's called The Web). What the internet has done (far as I'm concerned anyway) is to show me just how extensive the darkness has spread globally.

Everyone is making eternal choices everyday - choose wisely because forever is a very, very long time (too long for a finite human mind to even comprehend)
 
I have most of my passwords written down now. So if someone got to them then I would have bigger problems.
Nothing is secure these days
 
Thanks to [H]ardForm member noclevername for turning me on to this story, what a rabbit hole it turned out to be, and I have a feeling it may not be over yet. Sad to see such a thing haen to what is already a very niche community in hardcore flight sim.
It's not in spite of being a niche community it is because of it. Since it's a niche product they know they can pull virtually anything and the fans of such simulations have nowhere else to turn to. But spyware is going too far even for them.
It's usually only second rate products at highly inflated prices, like with the Train Simulator products.
 
There is a systemic attack, and growing awareness of it, on user data. My data is my data. Just like the stereo on my counter is mine. If a company wants to use my data, they should be forced to ask for EXPLICIT permission for that data...each time they want to get it from me, as well as each time they USE it.

EULAs are a joke.

The continued trampling on users is creating a backlash which will result in laws being passed which will be far more draconian than anything that industry would've done voluntarily.
 
There is a systemic attack, and growing awareness of it, on user data. My data is my data. Just like the stereo on my counter is mine. If a company wants to use my data, they should be forced to ask for EXPLICIT permission for that data...each time they want to get it from me, as well as each time they USE it.

EULAs are a joke.

The continued trampling on users is creating a backlash which will result in laws being passed which will be far more draconian than anything that industry would've done voluntarily.

Here, here.
 
Wow what a mess. Their A320 is suppose to be really well done too, I was tempted to snag it at one point but I'm glad I stuck to PMDG Boeings now. These add-ons aren't cheap - and rightfully so as the detail in the big airliners is ridiculous - but what a slap in the face after spending >$100 for an add-on.
 
The installer fails if you dont run it with admin rights so wont install at all
So that should be a red flag. A game addon should not need admin rights under any circumstances.
 
EULAs are a joke.

The continued trampling on users is creating a backlash which will result in laws being passed which will be far more draconian than anything that industry would've done voluntarily.

Hopefully you are right but I have a feeling that money will change hands to avoid those new laws and we'll still be in the same mess years from now.
 
Remote file that can gather and send passwords or user data....Says it's ok because its "only" for those who use non genuine keys....Shortly after their site is hacked.

This is why shit like this is not ok. I am not going to willingly install a backdoor to my data for you to access, when you can't even keep your own data secure.
 
hit'em where it hurts, no purchase anymore and always mention their name along with "spyware & trojan invested"...you cannot stop that once unleashed.

I also highly doubt this is still legal to do in the EU with it's renewed EU-GPDR
 
Is any worse than red shell tracking you when the software is running and linking you back to all the major information brokers?

If they would have used Red Shell they could have just verified the name with the registration key and banned them..
 
Only a year removed from the Digital Homicide fiasco, you would think this company could predict where this is going.
 
Submitting your files to an antivirus company does NOT in any way clear you of wrong doing. Anti virus companies get thousands of submissions daily and they go through an automated process of analysis to be added to white list.

Hand analysis occurs very rarely given the number of submissions. The reason processes get white listed is because there's an accountability attach to the file as it can be traced back to the vendor.

I know this for a fact because we have 4 processes that get flagged on a daily basis Everytime we build them. They are pretty regularly white listed. Every once in a while they get flagged because the build server prevents any outbound traffic outside the company domain so the av company doesn't get the listing. But our local build machines submit samples all the time.
 
Last edited by a moderator:
Just goes to show, the captains of industries are the biggest thieves. This is why aliens don't come here. Seems every single powerful politician or corporate head is a thief of the greatest magnitude, and as dishonest as the worst criminal. Successful people are the role models of society, so it's no surprise that kids grow up modeling themselves after criminals, and wind up just the same. Stealing from your customers is justifiable? Okay. So don't be surprised when someone lifts your wallet next time you go out shopping, and more pirates steal your products. After all, corporate leader, YOU provided the role model for that person.

This is the same reason Microsoft sucks so much. They have the ability to set a terrific example for the rest of society. Instead, they set a horrible one, and then wonder why more and more of their customers pirate their products instead of pay for them.
 
I have been a flight simmer for a long time, since the DOS days in fact. It is pretty much the only graphics application I care about anymore, not really having time for PC gaming these days. I've invested a lot of time and money into this hobby, and particularly enjoy the simulation of commercial aircraft. As such, the FSL A320 was on my list of aircraft to purchase, being a P3D user (rather than X-Plane). Not anymore.

The actions of FS Labs are absolutely atrocious and they should not stand. There needs to be economic consequences for their hubris, and punishment for their illegal actions. I have yet to see any legal action taken against them, and I am inclined to believe none shall ever be. They are protected by their size, in serving such a niche market. Furthermore, the owners/operators of the largest flight simulation community (Avsim) will not allow this topic to be discussed. Their business model consists of selling advertising, and the service of hosting support forums for 3rd party flight sim add-on developers (FS Labs is a 3rd party flight sim add-on developer - though they do not take advantage of Avsim's hosting services). Sadly, this act of censorship on the part of the largest flight simulation forum, in my opinion, also contributes to the likelihood of FSL's despicable actions going unpunished. If you search Avsim's forums for the term "fslabs" right now, you will find no reference to the events outlined in this thread. This is immoral at best, collusion at worst, in my opinion.
 
No application should.
Anything that makes changes to the registry requires admin privs.

This is a quite common practice to windows to updating components and installing drivers.
 
Anything that makes changes to the registry requires admin privs.

This is a quite common practice to windows to updating components and installing drivers.

That's the point. No 3rd party application should ever need to touch drivers or system files. That's the job of the Operating System and up to the admin/user to choose when and how to install/update these files.
 
Probably because of the EULA.

A EULA is not a get out of jail free card. You can't circumvent the law by putting a clause into a EULA or other contract. The password stealing malware should definitely have been illegal. I don't know if the later solution is also illegal, but if it is, their EULA means jack shit.

This reminds me of the Sony Rootkit scandal many years ago. If I recall correctly, that resulted in several class action lawsuits that Sony lost. Hopefully these clowns get what is coming to them, this is absurd behavior.
 
I thought something new came up relating to FlightSimLabs's shenanigans.

Nope just someone seriously late for the bus.
 
I thought something new came up relating to FlightSimLabs's shenanigans.

Nope just someone seriously late for the bus.

It's definitely late, but you have to remember that most people have little to no awareness of or interest in flight simulators or their communities.

Also there was a more recent incident with an FSLabs representative attempting to silence discussion about their behavior on various forums (reddit and fselite) by threatening legal action against the moderators/admins of those sites.

https://arstechnica.com/gaming/2018/06/flightsimlabs-threatens-reddit-mods-over-libelous-drm-posts/

Real salt of the earth type folks there at FSLabs.
 
Back
Top