News broke yesterday that gamers are accusing a company that makes mods for Microsoft’s Flight Simulator X game of putting a password stealer inside one of its add-ons. The company defended its decision by saying the malware works part of a Digital Rights Management (DRM) platform and only activates when users are using a pirated copy of their mod. The company at the heart of this controversy is Flight Sim Labs, and the mod that got everyone talking is A320-X, a $100 add-on for Microsoft’s Flight Simulator X that allows users to pilot Airbus A320 airplanes. Giovanni Vigna, CTO and and Co-Founder at Lastline comented below.
Giovanni Vigna, CTO and and Co-Founder at Lastline:
“Using a password stealer to combat piracy is a bad idea. There are a number of techniques that can be used to protect software, from obfuscation, to hardware tokens, to the use of run-time checks. Stealing personal information as a countermeasure for piracy is an approach that will likely backfire, as the 2005 Sony BMG rootkit [did.] Although it is very rare to see malware embedded in games, the malware creators are going after a very rapidly growing marketplace. According to a study from Newzoo, the gaming industry will reach $116 billion in 2017, with an expected growth rate of over $143 billion by 2020. As this industry grows, it becomes a much larger and easier target for the malware industry.”
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
