Flight-sim devs say hidden password-dump tool was used to fight pirates - Ars Technica

Originally Posted by Ars Technica

Developer says tool was intended to target one specific cracker.

The usually staid world of professional-grade flight simulations was rocked by controversy over the weekend, with fans accusing mod developer FlightSimLabs (FSLabs) of distributing "malware" with an add-on package for Lockheed Martin's popular Prepar3d simulation. The developer insists the hidden package was intended as an anti-piracy tool but has removed what it now acknowledges was a "heavy-handed" response to the threat of people stealing its add-on.

The controversy started Sunday when Reddit user crankyrecursion noticed that FSLabs' Airbus A320-X add-on package was setting off his antivirus scanner. FSLabs had already recommended users turn off their antivirus protection when installing the add-on, so this wasn't an isolated issue.

The reason for the warning, as crankyrecursion found, was that the installer seemed to be extracting a "test.exe" file that matched a "Chrome Password Dump" tool that can be found online. As the name implies, that tool appears to extract passwords saved in the Chrome Web browser—not something you'd expect to find in a flight-sim add-on. The fact that the installer necessarily needs to run with enhanced permissions increased the security threat from the "Password Dump."

FSLabs head Lefteris Kalamaras responded to the uproar over the discovery on the company's forums, arguing that the hidden file does not "reveal any sensitive information of any customer who has legitimately purchased our products" (emphasis in original). The file, he insists, is only activated if the installer sees a serial number that matches a database of pirated numbers found floating around on the Internet. "This method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals," he wrote...