The studio behind an add-on for Microsoft Flight Simulator X has apologised for including password-stealing malware in its latest release.
Earlier this week, Reddit user crankyrecursion flagged the presence of a file called "test.exe" in FlightSimLabs's A320-X expansion for Microsoft Flight Simulator X.
According to crankyrecursion, the file was some form of piracy detection that could be used to steal Chrome passwords.
Sure enough, as shown by software developer Luke Gorman, running the file automatically locates Chrome's login file and dumps the stored usernames and passwords to a console window.
FlightSimLabs boss Lefteris Kalamaras said that the file was only executed if you were found to be using a pirated version of A320-X.
"There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites," he wrote.
"If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us.
"'Test.exe' is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product," he continued.
"The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers). This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals."
So basically, FlightSimLabs was asking its legitimate customers to switch off any anti-virus software during the installation of A320-X, and then to trust that FlightSimLabs wouldn't take their information.
With a backlash quickly mounting, FlightSimLabs released a new installer without the test.exe file, and Kalamaras issued an apology.
"I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us by not only buying our products but supporting them and FlightSimLabs," he wrote.
"While the majority of our customers understand that the fight against piracy is a difficult and ongoing battle that sometimes requires drastic measures, we realize that a few of you were uncomfortable with this particular method which might be considered to be a bit heavy handed on our part. It is for this reason we have uploaded an updated installer that does not include the DRM check file in question.
"I want to thank you all for voicing your concerns in a considerate manner on our forums and elsewhere. We do listen to our customers because without you, there would be no FlightSimLabs."
Another update followed: "We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!"