I could not make that headline up, folks. Software developer Flight Sim Labs fights piracy by installing malware on your computer, and that is just the short version of it all.

The Microsoft Flight Simulator add-on developer was caught with its hand in the hypothetical cookie jar when they acknowledged installing password harvesters on the computers of players. The password harvester is developed specifically for Google Chrome, which is bad since Chrome has one of the biggest user-bases of all third-party browsers available on the market.

The worst part is that a password harvesting tool can be used to gain access to private information, such as bank and social media accounts. A game has no right to take that information from you without your consent and even then, it is a stretch.

The malware was first detected by Reddit user “crankyrecursion”, who explained that the Airbus A320-X add-on package for their desktop flight simulator software was flagged by “various antivirus products” installed on their system. Upon further investigation, crankyrecursion found a “text.exe” file inside the install folder. It acted as a command-line tool — a tool that directly interfaces with the computer’s command interface. Crankyrecursion also found out that the tool came from a company called SecurityXploded. This is where they learned of its real name: Chrome Password Dump.

Following the Reddit post, which blew up (for obvious reasons), Flight Sim Labs founder, Lefteris Kalamaras, responded to the discovery. He stated that “test.exe” is installed as part of the company’s digital rights management (DRM) efforts. Apparently, this tool helps to alert the company when pirates have installed the add-on package. Kalamaras also stated that allegations that the software has “indiscriminately dumped passwords” are not true and that the malware only targets pirated copies. Kalamaras further explained that the tool identifies pirated copies, and stores the serial numbers in a database. After that, “specific measures” are taken to alert the company.

Flight Sim Labs has since issued an update that removes the tool from the add-on content entirely. Along with this update, Kalamaras issued another statement in which he said that the measures “might be considered a bit heavy-handed”. Must have been the lawyers talking there.

While I am of the opinion that DRM is a must-have in today’s day and age, I loathe when companies introduce methods that risk confidential information. I personally think that there is no more scummy way to go about it. “Protecting” your work by actively installing sneaky programs on the back-end of your computer is not at all ethical.

The worst part of this entire shindig is that the entirety of Flight Sim Labs’ work now raises suspicions. The company is known for developing add-on content for Microsoft Flight Simulator and Enterprise Simulator Platform. It must also be noted that the update that removes the tool only came out for the Airbus A320-X add-on; and that the company did not release records on what information they have previously received, and for how long they have done this. Either way, I would avoid the add-on. You know, just to be on the safe side.

[Sources: Gamasutra, PC Mag, Reddit, VICE Motherboard]

Junior Editor at Vamers. From Superman to Ironman; Bill Rizer to Sam Fisher and everything in-between, Edward loves it all. He is a Bachelor of Arts student and English Major specialising in Language and Literature. He is an avid writer and casual social networker with a flare for all things tech related.