⚠ WARNING: Companies may install password leaking malware on your computer! by Mircea

Firstly I ask that you consider sharing this post to spread the news: Everyone needs to be warned about this sort of thing and know that it's happening! Anyone can be a victim of such practices, and since it comes from trusted companies they won't even have a reason to suspect it. Victims can have their usernames and passwords actively stolen and their accounts compromised!

https://torrentfreak.com/flight-sim-company-embeds-malware-to-steal-pirates-passwords-180219
https://motherboard.vice.com/en_us/article/pamzqk/fs-labs-flight-simulator-password-malware-drm

The summary: A company creating DLC for a Microsoft product called Flight Sim (an aeroplane simulator) was caught hiding malware in the installer of their product. The virus accesses your browser cache if you're a Google Chrome user, reads all usernames and passwords stored in it, then uploads them to the servers of FlightSimLabs. As unbelievable as this may sound, it's real and there is no mistake: it was done deliberately, which was confirmed by a spokesman of the corporation once its discovery went viral on Reddit. The scheme was uncovered after a player noticed the installer kept triggering their antivirus software... they got curious and checked why that was, then upon further diagnosis they discovered that a file called Test.exe collected and sent data from their hard drive to the producer.

Why on Earth would they ever do such a thing? Their excuse was simple: Trying to catch people who pirated the game. The producers consider this a form of DRM, and want to use it to get a list of any potential pirates who have accessed sites like ThePirateBay. In other words, if the installer believes that you've pirated the game (which can even happen mistakenly), they're going to steal all of your usernames and passwords from your machine... technically giving them access to every account you have online (Facebook, Twitter, etc.) unless you're protected by two-factor authentication. They even went on to brag about how the data they obtain this way may be used in courts to convict people! They tried to water things down by clarifying that the process is only activated if the software detects an incorrect serial number, or that the system was created to target a specific person who they thought used Chrome... it should be obvious how little that matters to anyone who understands and is concerned about basic software security.

Apart from being an insidious thing to do, it's easy to see how this practice has huge potential to become a tool used for gathering data on people and persecuting sensitive communities. Imagine if someday software companies teamed up with law enforcement to include leaking tools in operating systems or video games, which scan your drive for specific content and send proof of you breaking the law to an organization: People can be arrested for what they search on the web, the porn they watch (there's already high interest in this area), the games found on their drives, and so much more... not to mention secretly giving the usernames and passwords to third parties in order to compromise the accounts of inconvenient people as a means of censorship.

Being a tech person, I have a list of security tips I normally offer in such circumstances: If you're a Windows user, run antivirus software and make sure to check every alert before clicking the "allow" button... tell your browser not to store your username and password in the cache for sensitive sites... and for the love of god, do not enable DRM in your browser even if some sites (like Netflix) want you to trust them to use it! Ideally you can use open-source software exclusively, which makes such attacks far more difficult: since anyone can check the source code, it's impractical to try hiding such a tool. You can also look up software before downloading and installing it to see if anyone else reported such malware.

At this stage the news comes as no shock to me. The only thing it does is to further turn me against copyright culture, making me more eager to see copyright abolished alongside other forms of prohibition: If something has been released into the public domain, people can and will copy it... it's impractical to try controlling the free flow of data by force, in the delusional and simple-minded hope that people are guaranteed to give you more money if they can't find something elsewhere. Jesus Christ... we live in a world where you can be fined or arrested for singing a song on the street or even saying a word out loud, because copyright has become a disease eating away at the most simple and fundamental freedoms a living being can have! I'm so glad to release everything I create under a Creative Commons license and steer free from this repulsive insanity, which I'll keep doing until the day I die.

Comments

  • That's a really scary thing.

  • Reminds me of the incident where those Sony CDs had malware on them.