25.11.2022 – 17:00z

Simcident Report: That Time FSLabs Shipped Actual Malware to Paying Customers

Welcome to Simcident Report, where we take a closer look at the people, events, and drama that shaped the flight sim hobby.

This is the story of how a well-regarded developer of add-on aircraft sullied their reputation with the brilliant idea to ship malware with their product in the name of tracking down pirates. How did this happen? Let’s begin by taking a brief look at the world of flight sim add-ons.

A Brief History of Flight Sim Add-Ons

In the early 1980s flight simulators came to home PC users with the release of Sublogic’s Flight Simulator, the game that would later become the basis for the popular Microsoft Flight Simulator series. By the mid-90s, thanks to scenery and aircraft design tools included with the game, a cottage industry of add-on developers sprung up to provide all kinds of modifications to the base Flight Simulator. Microsoft supported these add-on developers with updated tools and even advised flight sim users to look for high-quality “payware” add-ons for the game to improve their experience.

Read also: Atelic Announces Madeira Airport for MSFS

Today, all of the major flight simulators on the market such as X-Plane, P3D, and Microsoft Flight Simulator (2020) all feature a wide array of both freeware and payware add-ons to choose from, often with entire studios and teams of developers supporting them. For many, sticking to freeware is good enough. For others though, payware is seen as offering a higher level of experience well worth the price of admission.

It’s not uncommon for serious flight sim fans to sink hundreds if not thousands of dollars into add-ons to improve their sim experience. The high prices of payware add-ons are generally accepted within the flight sim community. After all, developing a high-quality add-on takes hundreds of man hours and ultimately the end product is an extremely niche one.

However, not everyone is happy to pay upwards of $100 for a single virtual aircraft, which is why piracy of flight sim payware add-ons remains a big problem for developers.  So, over the years, these developers have come up with some… let’s say “creative” solutions to the problem of piracy.

Read also: LatinVFR A330-200CEO Released for MSFS2020

Controversy – Now Boarding

In February of 2018, fans of the Airbus A320X flocked to download the latest release of the plane from FSLabs, a well-regarded developer of payware add-ons for the flight sim P3D. However, in a since-deleted post, one Reddit user noticed something strange about the nearly $100 plane. The poster noted that the installer for FSLabs A320X included a file called “test.exe” that kept triggering alerts on his anti-virus software. The official word from FSLabs was vague and simply instructed users to temporarily disable their anti-virus during installation as the warning was a false positive.

But the poster kept digging. He found that test.exe was a program called “Chrome Password Dump” by a company named Security XPloded which is advertised as a tool for security researchers and penetration testers. The program would dump a user’s auto-fill usernames and passwords from Google Chrome to a text file. It was subsequently found that the FSLabs installer would take this file, save it as a log file, encode it, and send it completely unencrypted to FSLab’s servers.

Naturally, users expressed concern that FSLabs was stealing user password information or perhaps had been compromised itself. The thread gained significant traction and eventually prompted a response from FSLabs founder and lead Lefteris Kalamaras.

Read also: MSFS2024 SDK Developer Stream

Hello all,

We were made aware there is a reddit thread started tonight regarding our latest installer and how a tool is included in it, that indescriminantly dumps Chrome passwords. That is not correct information – in fact, the reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing.

I’d like to shed some light on what is actually going on.

Read also: Just Flight Releases New F70/100 Development Update

  1. First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.
  2. There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.
  3. If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.

We will be happy to provide further information to ensure that no customer feels threatened by our security measures – we assure you that there is nothing in our products that would ever damage the trust you have placed in our company by being our customer.

Kind regards, Lefteris

Read also: BRsimDesigns Releases AA-5B Tiger for MSFS

FSLabs’ official response only served to fan the flames of the angry Reddit users and owners of the A320X. Not only was the inclusion of malware intentional but somehow it was supposed to stop piracy? Commenters rightfully pointed out, that regardless of the intentions when this executable was included in the installer, they had knowingly distributed malware, active or not, to paying customers which is completely illegal in pretty much every jurisdiction. Things only got worse when FSLabs admitted that they had included this program in every copy of the installer with the intention of identifying one particular pirate.

Expected Turbulence

Reddit posts and comments flooded gaming and flight sim subreddits calling FSLabs out for their shady practices. Distributing malware to all of your customers in the hopes of catching one pirate seemed akin to randomly firing a gun into a room and hoping you hit your target. Even after assurances from FSLabs that the “DRM” would only target pirates, people were rightfully concerned that some mistake or bug could lead to the tool activating accidentally or even that someone could breach the server where FSLabs was keeping the stolen passwords.

Threads and comments popped up highlighting the history of shady behaviour from FSLabs and Kalamaras.

Read also: Flysimware Releases Sierra C24R for MSFS 2020

Incredibly, this wasn’t even the first time Kalamaras had been accused of including malware in a flight sim add-on. In 2014, while working on the PDMG McDonnell-Douglas MD-11, Kalamaras allegedly included code in the update tool that would delete a user’s flight sim install if it detected a pirated copy of the plane. In this instance, users of the AVSIM forum reacted with ridicule against OP, saying he shouldn’t have pirated the plane and gotten what he deserved. However, other users reported that the MD-11 had corrupted their installation despite owning legitimate copies of the plane.

Other commentators pointed out that, ironically for a company so concerned about piracy, FSLabs had been accused of lifting parts of its A320 cockpit from a different plane by developer Aerosoft.

At least one user claimed to have had their banking info stolen following buying the FSLabs A320X, though there is no direct evidence this is related.

Read also: BeyondATC Launches Pilot Portal, Wiki, and Traffic Map for MSFS

The backlash against FSLabs was growing and the story started to gain some attention from more mainstream gaming outlets such as PC World and Kotaku. FSLabs responded by releasing an updated malware-free installer and offering refunds. In an official statement, no apology was offered and no wrongdoing was admitted.

While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.

While after some additional backlash, FSLabs would eventually issue a real apology, not all of their fans were happy. Grumblings of lawsuits against FSLabs were had but nothing came of any of these efforts. In spite of FSLabs clearly being in violation of the law they faced no legal action of any kind.

Read also: Orbx Releaes Gold Coast Landmarks for MSFS

It happened AGAIN?

After a while, the story died down. Then in June, another Reddit post titled “cmdhost.exe, what is it?” appeared. It seemed FSLabs was at it again. Users reported that the FSLabs installer left a file called cmdhost.exe in their Windows system directories.

Why would FSLabs need to install system-level files? Once again users on FSLabs forums began reporting issues with their flight sim startup being stopped by anti-virus software. One user reached out to his anti-virus company Hitman Pro who confirmed that FSLabs cmdhost.exe was using a technique called process hollowing, where basically one program is started, frozen mid-execution, and then is replaced in memory by a second program. It’s a technique often used by malware to hide from users while pretending to be a legitimate program.

FSLabs was quick to explain that the process was part of their e-commerce partner’s activation system. Again, more DRM. This time there wasn’t an obvious sign of the process being malware, but for users who had already been burned once by FSLabs, this second incident was the final straw. While it was easy enough for FSLabs to silence criticism on their own forum, Reddit was another matter. So they did what any logical internet-minded company caught engaging in shady behaviour would do…

Read also: Aircraft and Avionics Update 3 Now Out for MSFS

Double down and threaten legal action against your user base!

Send in The Lawyers

Shortly after the newest allegations of malware began to roll in, the moderators of r/flightsim posted An open letter to Flight Sim Labs. In this letter, they posted emails from FSLabs in which the FSLabs PR manager “gently reminded” the mod team that Reddit had a legal obligation to remove libelous comments defaming FSLabs and if the mods didn’t comply with FSLabs demands they would be forced to send in lawyers.

The response from the mod team called out FSLabs for saying they “welcomed robust and fair comment and opinion” while engaging in censorship in their own forum and on Reddit. They also highlighted that legally there was nothing that FSLabs could do as the user statements did not constitute libel under the laws of the United States where Reddit was based nor the UK where FSLabs was based. Finally, they accused FSLabs of engaging in vote manipulation and astroturfing.

Read also: Fw 190 A-8 Released for MSFS by FlyingIron Simulations

Not content with going after just Reddit, FSLabs had apparently also reached out to flight sim news site FSElite. In a statement posted by FSElite, they outlined that FSLabs had reached out to them and demanded that they remove comments on their article on the FSLabs controversy that they deemed libellous. When FSElite refused to censor their users, FSLabs demanded that FSElite hand over the personal information of the users who had left the comments so that they themselves could inform the users of their dubious legal liability. FSElite refused this request, as well as a request by the developer to join them in their battle against Reddit. Subsequently, FSElite blacklisted FSLabs from their reviews and editorials until such a time that they could earn the trust of the community back. 

Once again, after mainstream sites such as Ars Technica picked up the story, FSLabs was forced to back down with Kalamaras stating that they had never intended to launch legal action against the Reddit mods and supported free speech and discussion of their products. FSLabs’s PR manager once again issued an apology.

The Trust of The Community

In the end, despite all of the threats, media coverage, and angry emails and Reddit posts, nobody was sued and nobody was charged with any crimes.

Read also: MSFS Expert Series ATR 42-600 and 72-600 Expansion Released

But FSLabs’ reputation has never fully recovered. Nearly every thread on r/flightsim that mentions FSLabs has some reference or joke related to malware, and new players are continually warned about the shady history of the company.

On the other hand though… even throughout the whole scandal, nobody could deny the quality of FSLabs add-ons, and many still hold the developer in high regard for producing high-quality products… you just need to look past their history…

Does anyone remember back in 2015 when Valve and Bethesda sparked an internet firestorm by adding paid mods to Skyrim’s Steam Workshop? How people argued there’d be limited accountability, things would be overpriced, piracy would be a problem, and there was no guarantee developers would support their mods?

Read also: PMDG Discloses More Information about MSFS 2024 Development

Yea. Flight simulator fans have been dealing with that for about 30 years.

Welcome to Simcident Report, where we take a closer look at the people, events, and drama that shaped the flight sim hobby.

This is the story of how a well-regarded developer of add-on aircraft sullied their reputation with the brilliant idea to ship malware with their product in the name of tracking down pirates. How did this happen? Let’s begin by taking a brief look at the world of flight sim add-ons.

A Brief History of Flight Sim Add-Ons

In the early 1980s flight simulators came to home PC users with the release of Sublogic’s Flight Simulator, the game that would later become the basis for the popular Microsoft Flight Simulator series. By the mid-90s, thanks to scenery and aircraft design tools included with the game, a cottage industry of add-on developers sprung up to provide all kinds of modifications to the base Flight Simulator. Microsoft supported these add-on developers with updated tools and even advised flight sim users to look for high-quality “payware” add-ons for the game to improve their experience.

Read also: Aircraft and Avionics Update 3 Now Out for MSFS

Today, all of the major flight simulators on the market such as X-Plane, P3D, and Microsoft Flight Simulator (2020) all feature a wide array of both freeware and payware add-ons to choose from, often with entire studios and teams of developers supporting them. For many, sticking to freeware is good enough. For others though, payware is seen as offering a higher level of experience well worth the price of admission.

It’s not uncommon for serious flight sim fans to sink hundreds if not thousands of dollars into add-ons to improve their sim experience. The high prices of payware add-ons are generally accepted within the flight sim community. After all, developing a high-quality add-on takes hundreds of man hours and ultimately the end product is an extremely niche one.

However, not everyone is happy to pay upwards of $100 for a single virtual aircraft, which is why piracy of flight sim payware add-ons remains a big problem for developers.  So, over the years, these developers have come up with some… let’s say “creative” solutions to the problem of piracy.

Read also: First Impressions: Aerosoft Airbus A330 for Microsoft Flight Simulator

Controversy – Now Boarding

In February of 2018, fans of the Airbus A320X flocked to download the latest release of the plane from FSLabs, a well-regarded developer of payware add-ons for the flight sim P3D. However, in a since-deleted post, one Reddit user noticed something strange about the nearly $100 plane. The poster noted that the installer for FSLabs A320X included a file called “test.exe” that kept triggering alerts on his anti-virus software. The official word from FSLabs was vague and simply instructed users to temporarily disable their anti-virus during installation as the warning was a false positive.

But the poster kept digging. He found that test.exe was a program called “Chrome Password Dump” by a company named Security XPloded which is advertised as a tool for security researchers and penetration testers. The program would dump a user’s auto-fill usernames and passwords from Google Chrome to a text file. It was subsequently found that the FSLabs installer would take this file, save it as a log file, encode it, and send it completely unencrypted to FSLab’s servers.

Naturally, users expressed concern that FSLabs was stealing user password information or perhaps had been compromised itself. The thread gained significant traction and eventually prompted a response from FSLabs founder and lead Lefteris Kalamaras.

Read also: REX Atmos Released For Microsoft Flight Simulator

Hello all,

We were made aware there is a reddit thread started tonight regarding our latest installer and how a tool is included in it, that indescriminantly dumps Chrome passwords. That is not correct information – in fact, the reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing.

I’d like to shed some light on what is actually going on.

Read also: Aerosoft A330 Released for MSFS

  1. First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.
  2. There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.
  3. If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.

We will be happy to provide further information to ensure that no customer feels threatened by our security measures – we assure you that there is nothing in our products that would ever damage the trust you have placed in our company by being our customer.

Kind regards, Lefteris

Read also: Orbx Releaes Gold Coast Landmarks for MSFS

FSLabs’ official response only served to fan the flames of the angry Reddit users and owners of the A320X. Not only was the inclusion of malware intentional but somehow it was supposed to stop piracy? Commenters rightfully pointed out, that regardless of the intentions when this executable was included in the installer, they had knowingly distributed malware, active or not, to paying customers which is completely illegal in pretty much every jurisdiction. Things only got worse when FSLabs admitted that they had included this program in every copy of the installer with the intention of identifying one particular pirate.

Expected Turbulence

Reddit posts and comments flooded gaming and flight sim subreddits calling FSLabs out for their shady practices. Distributing malware to all of your customers in the hopes of catching one pirate seemed akin to randomly firing a gun into a room and hoping you hit your target. Even after assurances from FSLabs that the “DRM” would only target pirates, people were rightfully concerned that some mistake or bug could lead to the tool activating accidentally or even that someone could breach the server where FSLabs was keeping the stolen passwords.

Threads and comments popped up highlighting the history of shady behaviour from FSLabs and Kalamaras.

Read also: Fenix A321 CFM Engines Replaced, New Update Pushed for the Line-Up

Incredibly, this wasn’t even the first time Kalamaras had been accused of including malware in a flight sim add-on. In 2014, while working on the PDMG McDonnell-Douglas MD-11, Kalamaras allegedly included code in the update tool that would delete a user’s flight sim install if it detected a pirated copy of the plane. In this instance, users of the AVSIM forum reacted with ridicule against OP, saying he shouldn’t have pirated the plane and gotten what he deserved. However, other users reported that the MD-11 had corrupted their installation despite owning legitimate copies of the plane.

Other commentators pointed out that, ironically for a company so concerned about piracy, FSLabs had been accused of lifting parts of its A320 cockpit from a different plane by developer Aerosoft.

At least one user claimed to have had their banking info stolen following buying the FSLabs A320X, though there is no direct evidence this is related.

Read also: Fw 190 A-8 Released for MSFS by FlyingIron Simulations

The backlash against FSLabs was growing and the story started to gain some attention from more mainstream gaming outlets such as PC World and Kotaku. FSLabs responded by releasing an updated malware-free installer and offering refunds. In an official statement, no apology was offered and no wrongdoing was admitted.

While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.

While after some additional backlash, FSLabs would eventually issue a real apology, not all of their fans were happy. Grumblings of lawsuits against FSLabs were had but nothing came of any of these efforts. In spite of FSLabs clearly being in violation of the law they faced no legal action of any kind.

Read also: Just Flight Releases New F70/100 Development Update

It happened AGAIN?

After a while, the story died down. Then in June, another Reddit post titled “cmdhost.exe, what is it?” appeared. It seemed FSLabs was at it again. Users reported that the FSLabs installer left a file called cmdhost.exe in their Windows system directories.

Why would FSLabs need to install system-level files? Once again users on FSLabs forums began reporting issues with their flight sim startup being stopped by anti-virus software. One user reached out to his anti-virus company Hitman Pro who confirmed that FSLabs cmdhost.exe was using a technique called process hollowing, where basically one program is started, frozen mid-execution, and then is replaced in memory by a second program. It’s a technique often used by malware to hide from users while pretending to be a legitimate program.

FSLabs was quick to explain that the process was part of their e-commerce partner’s activation system. Again, more DRM. This time there wasn’t an obvious sign of the process being malware, but for users who had already been burned once by FSLabs, this second incident was the final straw. While it was easy enough for FSLabs to silence criticism on their own forum, Reddit was another matter. So they did what any logical internet-minded company caught engaging in shady behaviour would do…

Read also: Pilot Experience Sim Releases Biarritz Pays Basque Airport V2 for MSFS

Double down and threaten legal action against your user base!

Send in The Lawyers

Shortly after the newest allegations of malware began to roll in, the moderators of r/flightsim posted An open letter to Flight Sim Labs. In this letter, they posted emails from FSLabs in which the FSLabs PR manager “gently reminded” the mod team that Reddit had a legal obligation to remove libelous comments defaming FSLabs and if the mods didn’t comply with FSLabs demands they would be forced to send in lawyers.

The response from the mod team called out FSLabs for saying they “welcomed robust and fair comment and opinion” while engaging in censorship in their own forum and on Reddit. They also highlighted that legally there was nothing that FSLabs could do as the user statements did not constitute libel under the laws of the United States where Reddit was based nor the UK where FSLabs was based. Finally, they accused FSLabs of engaging in vote manipulation and astroturfing.

Read also: PMDG 777 Freighter in Beta, New Update for 777-300ER

Not content with going after just Reddit, FSLabs had apparently also reached out to flight sim news site FSElite. In a statement posted by FSElite, they outlined that FSLabs had reached out to them and demanded that they remove comments on their article on the FSLabs controversy that they deemed libellous. When FSElite refused to censor their users, FSLabs demanded that FSElite hand over the personal information of the users who had left the comments so that they themselves could inform the users of their dubious legal liability. FSElite refused this request, as well as a request by the developer to join them in their battle against Reddit. Subsequently, FSElite blacklisted FSLabs from their reviews and editorials until such a time that they could earn the trust of the community back. 

Once again, after mainstream sites such as Ars Technica picked up the story, FSLabs was forced to back down with Kalamaras stating that they had never intended to launch legal action against the Reddit mods and supported free speech and discussion of their products. FSLabs’s PR manager once again issued an apology.

The Trust of The Community

In the end, despite all of the threats, media coverage, and angry emails and Reddit posts, nobody was sued and nobody was charged with any crimes.

Read also: Parallel42 737 Immersion Released for MSFS

But FSLabs’ reputation has never fully recovered. Nearly every thread on r/flightsim that mentions FSLabs has some reference or joke related to malware, and new players are continually warned about the shady history of the company.

On the other hand though… even throughout the whole scandal, nobody could deny the quality of FSLabs add-ons, and many still hold the developer in high regard for producing high-quality products… you just need to look past their history…

Does anyone remember back in 2015 when Valve and Bethesda sparked an internet firestorm by adding paid mods to Skyrim’s Steam Workshop? How people argued there’d be limited accountability, things would be overpriced, piracy would be a problem, and there was no guarantee developers would support their mods?

Read also: WINWING Unveils New Full-Size Airbus EFIS Panel

Yea. Flight simulator fans have been dealing with that for about 30 years.

Can flight sim get you arrested?

Check out the latest Simcident Report!

This article was brought to you by:

Captain badge1 Year in the team badgePublish 1 Review badge

Related posts