Over the years, we’ve seen some pretty damn terrible DRM in video games. We’ve seen stuff that could accidentally wipe out or cause security holes in someone’s computer due to its creator’s sheer incompetence. We’ve seen rip-off schemes where even playing a single player title requires internet access at all times.
And well, with a certain recent Sonic fan game… we’ve even stuff straight out of a bad creepypasta. As in, something that literally closed your web browser when it detecting you were looking for cheats, right before corrupting the game itself and turning it into some kind of hellish troll game.
But now we may have come across something even worse. Something may actually take its games creators from the realm of incompetent and dangerous to downright evil.
Yes, one game (or more precisely, content pack) actually has malware in its installer. Named the FSLabs A320, this pack of digital aircraft for flight simulators has a file called ‘test.exe’ in its install files. At first glance, this sounds harmless.
However, it’s actually far from it. You see, test.exe isn’t a typical test program. It’s not something you’d just randomly include in an installer.
It’s actually a Chrome password dumping tool. As in, a way for hackers to steal passwords from your browser’s password manager and mail them the details over the internet. Like a fancy keylogger or what not.
And as you can imagine, that’s not something you ever want to see in a video game. Heck, that’s not something you’d ever want on your computer period. It’s a huge security risk even having the thing included in the files.
Oh, and there’s more here too. You see, you may think this file would merely be a mistake by the developer. After all, everyone gets viruses at some point. So it seems all too possible than a random dev may have gotten their computer infected and accidentally included such a program in their work by mistake.
However, that’s not the case. Nope, the people at Flight Sim Labs deliberately included this file to ‘hunt down people who pirated their work’. Their plan was to actually steal people’s login information, then use it to hunt them down and send their details to law enforcement.
Here’s the comment on their forums confirming it:
If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).
This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.
Yeah, that’s a pretty bad way of doing things isn’t it? Not only do you to put legitimate customers at risk, you outright break the law to go after pirates too. Remember, it’s illegal to do this stuff. Doesn’t matter if you’re doing it for the ‘right reasons’, there’s no legal basis for hacking someone’s machine at all.
That’s clearly stated in country laws on the subject around the world. Like the UK’s Computer Misuse Act.
So, for anyone who’s used this software, remove it from your computer right now. You do not want to support a company like this, especially now they’ve opened up your machine to hackers and proven they have zero respect for anyone else’s security. They don’t deserve your respect for this, and they should have lost your support forever as a result.
And as for Flight Sim Labs? Well you’re just kind of screwed at this point. You’ve made a terrible decision, it’s probably killed your business and (based on what people have said online and previous legal precedents), likely opened you up to various lawsuits and charges for computer misuse related crimes.
Congratulations on committing business suicide!
But what do you think about the whole ordeal? Are you shocked that anyone would consider using malware to steal personal information a legitimate form of DRM for a game or game related product?
Post your thoughts on this here in the comments or on the Gaming Latest forums today!