Game Studio Found To Install Malware DRM On Customers' Machines, Defends Itself, Then Apologizes

The thin line that exists between entertainment industry DRM software and plain malware has been pointed out both recently and in the past. There are many layers to this onion, ranging from Sony's rootkit fiasco, to performance hits on machines thanks to DRM installed by video games, up to and including the insane idea that copyright holders ought to be able to use malware payloads to "hack back" against accused infringers.

What is different in more recent times is the public awareness regarding DRM, computer security, and an overall fear of malware. This is a natural kind of progression, as the public becomes more connected and reliant on computer systems and the internet, they likewise become more concerned about those systems. That may likely explain the swift public backlash to a small game-modding studio seemingly installing something akin to malware in every installation of its software, whether from a legitimate purchase or piracy.

FlightSimLabs, a studio that specialises in custom add-ons for other company's flight sims, has been found to be secretly installing a program onto user's computers designed to check whether they're playing a pirated copy of their software.

The code-basically a Chrome password dumping tool- was discovered by Reddit user crankyrecursion on February 18, and as TorrentFreak reportwas designed to trigger "a process through which the company stole usernames and passwords from users' web browsers."

Whatever fuzzy line might exist between DRM payloads and malware, this specific deployment appears to have crossed it in a very big way. The extraction of user names and passwords for infringers would be a step too far on its own, but the real problem is that the executable that does all of this was included in every copy of the software FlightSimLabs provided, including those from legit purchases.

Lefteris Kalamaras, who runs FlightSimLabs, admitted that the installation of a file named "test.exe" was included in the software installation, but insisted that it was only weaponized when a pirated copy of the software is detected.

First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

This attempt at an explanation failed to assuage the gaming community for understandable reasons. To include a program capable of extracting passwords in a flight simulator mod is flatly insane. The only proper description for such software would be malware and that malware was installed on the machines of customers of FlightSimLabs that had properly paid for its products. The claim that this malware remained dormant for those purchasing the mods would be the same as claiming that each of our homes have been outfitted with bombs without our knowledge, but those bombs will only be activated if the home builder thinks we're doing something illegal. This is all wide open for mistakes, abuse, and for other bad actors to swoop in on these customers and make use of the software for nefarious reasons.

Shortly after Kalamaras' "explanation", FlightSimLabs updated the mods in question with the malware removed entirely. The company also updated its community with an apology that still somewhat misses the mark.

We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!

This isn't about "feeling offended", it's about the company breaking the trust of its customers by installing what is clearly malware on their machines. That isn't the type of bad act a company should be able to come back from.