Flight Sim Labs puts malware in its installer


Renko


Yes, you heard that right :blink:
Flight Sim Labs has been putting malware in its installer.
Here is the news story for more details: https://www.rockpapershotgun.com/2018/02/20/we-were-after-one-guy-say-malware-flight-simmers/

Apparently it was called test.exe, and what it did was collect all the passwords and usernames stored in Chrome.
According to them it only activated if a pirated copy was installed, but who knows.
Yesterday they were talking about wanting to "catch" the pirates, and today they are talking about "catching" one specific person.

Apparently they have already removed it, but what they have done is very illegal. More so than what they were trying to stop.
Also, apparently the encryption used to send that data from the malware to them is very weak. So who knows whether some of that data ended up in the wrong hands.

I haven't bought their software, but if after paying almost 100€ I found out they were slipping malware onto my machine, I would think about what to do legally.
I'm leaving this here because I imagine some of you have it, and you may even have, or have had, the "test.exe".


Well, they are already facing legal complaints. I'm not surprised.

It reminds me of this meme
597.jpg

They tried to "stop" piracy by doing something extremely stupid, and above all very illegal.
In other words, they have dealt themselves the finishing blow, because if lawsuits start raining down on them (especially in the US), it's goodbye to that company.

P.S.: If I owned that product I would demand a refund of the purchase price. I imagine that with such an illegal practice they have breached the EULA, as well as consumer trust.


EDIT:
It looks uglier and uglier.
Have a look at this article from a security company if you want to see something in depth: https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/
It's beyond belief.
Note things like this from October of last year, said by a member of FSLabs. They were telling people to disable their antivirus to install their product..... good grief
Oct-2017.png


BEAR in mind the risk to your security that having installed this product implies, even legally.
See this post on reddit: https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/
And specifically this:


"I work in InfoSec for a large company as a Security Architect. I am involved with Incident Response.

First, this is illegal in many countries and states. They cannot distribute malware knowingly.

Second, for the misguided who are buying the line that it is only pirated serial numbers that are affected. Every system that downloaded and ran the file should now be considered compromised. At my company, if this was done, those systems would be isolated, investigated and reimaged.

Nobody can guarantee how the malware behaves that they installed. It very well could have left a ghost somewhere or when it is used could send the data via means the company could not detect. I seriously doubt they would look at DNS exfil or even know what it is.

There is also the possibility some developer of another program dropped malware and stole your license number and now your copy is blacklisted.

The data they exfiled is PII and there are lots of issues with taking it off a system. Was it transmitted in the clear? How are they storing the stolen data they pulled? What if they are compromised? How are they using the data? Have they shared the data? If so, how did they transmit the data and how is it stored?

There are legal issues as well. They acknowledged they stole PII from users. This is illegal. Any data obtained through those methods are also not admissible in court. They are also open to being fined by, at the very least, the EU and the UK.

For those legitimate users who say they have nothing to hide or worry about. You should be extremely worried. This company has done something very unethical and illegal. When they were caught doing it, they denied it initially, then they said they did it to fight piracy and, Oh, trust them, they don't execute it on legitimate customers. The issue with that is they already ruined that trust by putting malware on your system. You cannot trust this company when they say they do not run test.exe on legitimate copies.

If you have had this installer executed on your system, it is my professional opinion you should reimage your system and change any passwords stored in Chrome. Also, use a password manager and do not store passwords in Chrome.

Edit: More on the company trust. Keep in mind what they did is very unethical and illegal. In the coming weeks, they will be doing and saying anything to save their company. They are going to be assailed on multiple fronts with various agencies, Attorneys General, countries, and individuals investigating, prosecuting, and/or litigating.

Edit2: This has blown up, as it should, but if you read the posts on the forums for FSL that they did not delete, the lack of awareness is absurd. Also, the data was exfiled with unencrypted transmission and the data was not encrypted either. To make matters worse, the target server is not behind a firewall and has RDP open to the world."

 

 

Edited by Hayha

Good heavens.

They do make good products; they go overboard on the price, but well, everyone sets whatever price they want for their work.

Lefteris and co. had already shown some rather odd ways of behaving... but this is unheard of!

You buy their products at a price above the market rate and on top of that they put malware on your machine!!!!!!!!

Now, this is the behaviour of truly disgraceful people.
