Company Embedded Password-Stealing Malware into Installer as Part of DRM Efforts | Tripwire

Company Embedded Password-Stealing Malware into Installer as Part of DRM Efforts

Posted on February 20, 2018
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
A company embedded password-stealing malware into an installer as part of its digital rights management (DRM) efforts to combat software pirates. On 18 Sunday, Reddit user crankyrecursion spotted the malware hiding within Flight Sim Labs' installer for its A320 flight simulator desktop software. A little digging on the user's part revealed that the threat originates from an organization called SecurityXploded and functions as a Chrome password dumping tool. Concerned, he asked the Reddit community if someone could illuminate why a trusted installer contained the malware, perhaps out of concern that someone had compromised Flight Sim Labs' installation processes. After learning of the Reddit post, Flight Sim Labs chief Lefteris Kalamaras issued a statement in which he reveals the company itself had added test.exe to its installer for a specific purpose:
.... There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites. ...If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally.
A follow-up statement by Kalamaras explains that Flight Sim Labs had incorporated the password dumping tool into its installer to target a specific group of crackers and pirates whom it had been attempting to stop for some time. The company learned a lot about those individuals through the utility, the statement admits. Flight Sim Labs intends to forward that information to legal authorities if it hasn't already done so.
14sFZW-lbJaUxuRuCsR4-w.png
A screenshot of the file "test.exe" (Photo credit to crankyrecursion) Users and observers weren't impressed with Flight Sim Labs' decision. Software developer Luke Gorman went so far as to call the situation "a violation of software ethics, and more than likely illegal." He then urged the company to rethink its anti-piracy strategy. As it turns out, Flight Sim Labs did just that. The company recognized that its decision to equip its DRM efforts had made some of its customers "uncomfortable," so it released an updated installer without the DRM file included. You can access that updated installer here.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!