Flightsim company uses controversial ‘drm tool’ to fight piracy

Spread the love

The FlightSimLabs company, which makes add-ons for flight sims, admits that it uses a DRM tool to fight piracy. The tool in question can steal passwords from Chrome and is flagged as malicious software by antivirus products.

FlightSimLabs’ Lefteris Kalamaras issued a statement on the company’s official forum in response to the outcry. In it, he claims that the file in question, called test.exe, is only used with versions of the installer that have been flagged as illegal copies. He states, “There is a specific method we use with serial numbers identified as pirated copies that are circulating on The Pirate Bay, RuTracker and other malicious sites.”

The discussion surrounding FlightSimLabs’ practice arose on Reddit when a user wrote in a post that the installer for a particular aircraft model includes a Chrome password dumper from provider SecurityXploded. A VirusTotal upload of the file indicates that it is identified as malicious software by approximately half of the antivirus products on the platform. This file is said to be present with the company’s A320X software.

Kalamaras itself does not refer to the nature of the tool, but refers to a form of DRM. Further on, he states: “This method has now successfully yielded information that we will use in our legal battle against criminals.” Because of his choice of words, it remains in the middle about exactly what information is involved, but in his statement he does not deny that a tool is used to read passwords from the Chrome browser. In theory, FlightSimLabs could thus gain access to sensitive information about owners of copies of its software, for example by accessing e-mail or other accounts.

It can be concluded from Kalamaras’ statement that it is not a fault of the company. He states that it has been decided to make a new installer without the ‘drm-tool’ available. It is unclear how long the tool was bundled with the installer. Kalamaras goes on to write that he realizes that users have “felt uncomfortable with this method, which is on the heavy side.”

Update, February 20: The company has published an additional blog post with explanations. In it, it admits to using the password dumper, but claims it was only used to identify a particular individual.

You might also like
Exit mobile version