Flight Sim Game Maker Embeds Password-Stealing Malware In Game

By   ISBuzz Team
Writer , Information Security Buzz | Feb 22, 2018 03:15 pm PST

News broke yesterday that gamers are accusing a company that makes mods for Microsoft’s Flight Simulator X game of putting a password stealer inside one of its add-ons. The company defended its decision by saying the malware works part of a Digital Rights Management (DRM) platform and only activates when users are using a pirated copy of their mod. The company at the heart of this controversy is Flight Sim Labs, and the mod that got everyone talking is A320-X, a $100 add-on for Microsoft’s Flight Simulator X that allows users to pilot Airbus A320 airplanes. Giovanni Vigna, CTO and and Co-Founder at Lastline comented below.

Giovanni Vigna, CTO and and Co-Founder at Lastline:

giovanni vigna“Using a password stealer to combat piracy is a bad idea. There are a number of techniques that can be used to protect software, from obfuscation, to hardware tokens, to the use of run-time checks. Stealing personal information as a countermeasure for piracy is an approach that will likely backfire, as the 2005 Sony BMG rootkit [did.] Although it is very rare to see malware embedded in games, the malware creators are going after a very rapidly growing marketplace.  According to  a study from Newzoo, the gaming industry will reach $116 billion in 2017, with an expected growth rate of over $143 billion by 2020.  As this industry grows, it becomes a much larger and easier target for the malware industry.”