FlightSimLabs Injected Virus Like DRM into its distribution

Published by


A thread on Reddit exploded as a user noticed FlightSimLabs, who makes add-ons for flight sims, injecting an extremely controversial DRM in their software. It is so far-fetched that it can steal passwords and account info from browsers, being classified as malicious software by antivirus products.

Lefteris Kalamaras from FlightSimLabs has now issued a statement on their official forum of the company in response to the commotion, as reports today. In his post, he claims that the file, which is called "test.exe", would only be used for versions of the installer that have been designated as an illegal copy. Now, that sounds a little confusing, let me clear that up a little: all (including official) software and released get this tool included, but as soon as a serial number is a mismatch, they install/activate the "DRM". 

So, that means that they deliberately injected the code, they state: "There is a specific method that we use at serial numbers that have been identified as illegal copies and that are circulating on The Pirate Bay, RuTracker, and other malicious sites."

---- EDIT - 19FEB2018 0330UTC ----
Hello all,

I would like to further address some of the controversy that has taken place this evening.I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs. While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question. I want to thank you all for voicing your concerns in a considerate manner on our forums and elsewhere. We do listen to our customers because without you, there would be no FlightSimLabs.

Here's the link to the updated A320-X v232 installer.

--- END EDIT ---

Hello all,

we were made aware there is a reddit thread started tonight regarding our latest installer and how a tool is included in it, that indescriminantly dumps Chrome passwords. That is not correct information - in fact, the reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing. I'd like to shed some light on what is actually going on.

1) First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).This method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals.

We will be happy to provide further information to ensure that no customer feels threatened by our security measures - we assure you that there is nothing in our products that would ever damage the trust you have placed in our company by being our customer.

Kind regards,


This all started on Reddit with a user writing a post that the installer of a certain aircraft model contained a Chrome- password dumper from the provider SecurityXploded. A VirusTotal upload of the file indicates that it is identified as malicious software by about half of the antivirus products on the platform. This file would be present in the A320X software of the company.

Kalamaras described the 'tool' as about being a form of DRM:

"This method has since successfully provided information that we will use in our legal battle against criminals."

With this 'DRM' FlightSimLabs could actually gain access to personal information about owners of copies of their software, including access to e-mail or other accounts.

To cover things up, he also mentions that a new installer is on its way without that 'drm-tool' in it. It is unclear how long Kalamaras has included this tool in the installer. Kalamaras mentioned that he realizes that users 'feel uncomfortable with this method, which he feels would be on the heavy side'.

FlightSimLabs Injected Virus Like DRM into its distribution

Share this content
Twitter Facebook Reddit WhatsApp Email Print