Flight Sim Labs, the makers of numerous pieces of add-on content for Flight Simulator X, has received a fair bit of criticism after eagle-eyed Reddit users discovered a malicious program embedded in one of its downloadable planes.
In response to the Reddit thread, the developer contended that the malware itself was intended only to affect those players that pirated the add-on and has no effect on those using the company’s content legitimately.
Digital rights management (DRM) tools are one-way developers can attempt to protect their games from those who choose to circumvent legal channels and download games illegally online, but some of those more extreme anti-piracy measures risk rubbing even legitimate players the wrong way.
In Flight Sim Labs’ case, the company included a file called 'test.exe' in the installer for the A320-X airbus add-on that served to extract passwords saved to the web browser Google Chrome. Though it has since been removed from the launcher, the password dump tool originally came packaged in the launcher for the add-on and, according to the company, would only activate if a known pirated serial number was used.
Taking to the company’s own forms, founder Lefteris Kalamaras explained that the tool did not ”indiscriminately” harvest passwords, saying that the person who discovered the ‘test.exe’ file had likely not legitimately purchased the add-on to begin with.
“First of all, there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe,” said Kalamaris. “'Test.exe' is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).”
The developer goes on to say that the information it has extracted from the controversial DRM has already “successfully provided information that we’re going to use in our ongoing legal battle against such criminals.”
However numerous users in that earlier Reddit thread voiced concerns about a developer dropping malware onto the machines of legitimate purchasers, even temporarily, in many cases noting that Flight Sim Labs was potentially putting its paying customers at risk all to pursue pirates. As a result, the dev has acknowledged that the decision might have been “a bit heavy-handed” and released an updated version of the launcher that does not include the “DRM check” file.