Gamers are accusing a company that makes mods for Microsoft’s Flight Simulator X game of putting a password stealer inside one of its add-ons.
The company defended its decision by saying the malware works part of a Digital Rights Management (DRM) platform and only activates when users are using a pirated copy of their mod.
The company at the heart of this controversy is Flight Sim Labs, and the mod that got everyone talking is A320-X, a $100 add-on for Microsoft’s Flight Simulator X that allows users to pilot Airbus A320 airplanes.
Mod included Chrome password dumper
According to a Reddit user named crankyrecursion, the recent version of this mod (FSLabs_A320X_P3D_v2.0.1.231.exe) included a file named test.exe that was a renamed version of an application named « Chrome Password Dump, » sold by SecurityXploded.
This tool is a command-line application that extracts passwords from Chrome’s internal database, as advertised by SecurityXploded and verified by many users, such as Luke Gorman and the team at Fidus Security.
The presence of such tool in a game mod alarmed users, most fearing the mod maker might have been hacked, and someone hid the malware inside the mod’s installer, hoping nobody would notice.
Malware supposedly activates only for « pirates »
But instead of denouncing any claims of getting hacked, things took a weird turn when Lefteris Kalamaras, the mod-making company’s CEO, accused the Reddit user of being a pirate.
According to a post on the company’s support forums, Kalamaras explained that the Chrome Password Dump tool was added to the A320-X mod intentionally.
Kalamaras says the test.exe file only runs when the user is trying to activate the mod with a license key known to be associated with pirated copies of the add-on.
» First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products, » Kalamaras says [emphasis preserved].
« There is a specific method used against specific serial numbers that have been identified as piratecopies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites, » Kalamaras adds. « If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. »
to read the original article: https://www.bleepingcomputer.com/news/security/flight-sim-game-maker-embeds-password-stealing-malware-in-game-mod/