Flight sim group put malware in a jet and called it DRM

Thoughts?

A company who makes add-ons for Flight Simulator X included malware in one of their downloadable jets, players have alleged. The malicious file is called ‘test.exe’ and it is designed to extract passwords from the Chrome web browser, according to the user who discovered it. The company in question, Flight Sim Labs, have since replaced the dirty jet with a clean one. But they say that to claim the file “indiscriminately dumps Chrome passwords” is “not correct information”, adding that the malware was “only extracted temporarily” and that it was targeted at pirates. The head of the company describes the file as “DRM”. ...

SOURCE: https://www.rockpapershotgun.com/2018/02/19/flight-sim-group-put-malware-in-a-jet-and-called-it-drm/

Malware is a bit too light.

IANAL, but what they've done is downright illegal in a lot of countries.

It apparently hacks your encrypted Chrome username/password dictionary, and then sends it over bog standard unencrypted HTTP to be stored on one of their servers.

It'd be one thing (still outright illegal) if they were specifically getting FSX usernames from it under the guise of finding out who the pirates were, but the entire user/pass dictionary? That's beyond a joke.

My thought is that company isn't going to be around much longer..

Really fun to read their forums too, they all think its ok because it 'only affects pirates!!!111"

More technical look:

https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/

Best thing is, everything unencrypted, unsecure server (the one you check if serial is legit!)...

https://forums.flightsimlabs.com/index.php?/announcement/11-a320-x-drm-what-happened/ LOL! Here is the boss admitting to have hacked a user. Can't make this stuff up haha

Mmm, it doesn't seem too clever to fight what is a civil offence by comitting what is, in many countries, a criminal offence. And then go on to admit it is madness, at least pretend it got in there by mistake when you get called out for it!

at least pretend it got in there by mistake when you get called out for it!

I don't know... how exactly would someone mistakenly write all that malicious code?

My thought is that company isn't going to be around much longer..

I certainly wouldn't buy anything from them. :)

I don't know... how exactly would someone mistakenly write all that malicious code?

Don't you read the news? It's the Russians! In case that doesn't apply, it must have been North Korea's hacker army. And if that doesn't work either, blame it on the Chinese as a last resort, that one never gets old. See, problem solved. :D

On a more serious note, doing something like this sounds like a solid way to catapult oneself out of the market. Here's to hoping no other company is going to make such bad mistakes.

Any law suits already ? Some advocate will surely smell the cheese and sue them.