Jon Skiffington

Malware in installer?


NilsUnger
6 minutes ago, Jon Skiffington said:

Anyone seeing this?

Yes, thanks to you now. But I am not quite getting it... What passwords?

Gregor Christie
4 minutes ago, NilsUnger said:

Yes, thanks to you now. But I am not quite getting it... What passwords?

Passwords stored in chrome as far as I can tell.

Florian Niklas
1 minute ago, NilsUnger said:

Yes, thanks to you now. But I am not quite getting it... What passwords?

According to the Reddit post, the "test.exe" file will dump your passwords from Google Chrome into a text file or something. I checked it and my installation also contains that file (and of course my antivirus software instantly removed it).

I can't think of a good explanation why FSLabs should include such a file in their installer (regardless of the fact that it's illegal) and I'm very curious about the explanation from them.

  • Like 2

Matt Gardiner

I believe an explanation will be due in course. Let's not jump to conclusions.

nextgeneric
Just now, Snappy0 said:

I believe an explanation will be due in course. Let's not jump to conclusions.

It had better be good.

  • Like 2

Lars Hajema

Gents,

Before any false accusations are made, let's just wait until someone from the staff or @Lefteris Kalamaras makes a post explaining what is actually going on ;)

Edit: Love how people jump to conclusions before having all the information. How often have we seen Trump jump to conclusions and in the end things were not even close to what he stated them to be.

My advice: take it or leave it, it's up to everyone to make that decision. Go outside, get some fresh air and enjoy the day. And if you are in Europe like me, go and enjoy your warm bed :lol:

Edited by Lars Hajema
typo.. also some advice ;)
  • Like 1

João Gouveia

Just wait for a word from the developers. I'm sure they will explain everything.

Liam Giles
Just now, Scott Callaway said:

This should be good...

Can't wait for the justification why this is included in the installer.

Luca vom Bruch

The only valid explanation would be "the installer got compromised". 

Even a DRM story would be sketchy, because we cannot exclude that legit customer password output from that password extractor would be somehow remotely transmitted.

  • Like 1

Marc Frederick

Post on the installation board - solution is to disable anti-virus software.... :unsure:

 

Liam Giles
3 minutes ago, Luca vom Bruch said:

The only valid explanation would be "the installer got compromised". 

Even a DRM story would be sketchy, because we cannot exclude that legit customer password output from that password extractor would be somehow remotely transmitted.

According to the Reddit post, it's been showing up in previous versions. Either eSeller or whoever is hosting the files has some god-awful security or it's packaged on release.

Ben Weston

Guys, please just hold off the flaming pitchforks until someone from FSL can give their side of the tale. 

It’s Sunday evening and this was only discovered in the last hour or two. Let’s see. 

  • Like 3

Luca vom Bruch

Either way I would want proof that NO Chrome passwords of LEGITIMATE customers are transmitted.

Even if legit customer passwords would never be abused, you cannot just store them anyway. Remember that some users might use the same password for PayPal or e-banking. Even if they are software thieves you cannot just simply record this data for revenge/abuse/extortion.

But we shall wait for the explanation.

My guess is still compromised installer.

I know that FSLabs designed this excellent Bird with a lot of passion and hard work, I am sure they will make it right!

  • Like 11

Gregor Christie
Just now, Luca vom Bruch said:

Either way I would want proof that NO Chrome passwords of LEGITIMATE customers are transmitted.

Even if legit customer passwords would never be abused, you cannot just store them anyway.

But we shall wait for the explanation.

My guess is still compromised installer.

Yup, I fat fingered the file and opened it while checking if it was present in my installer and I am just worried it does something with my passwords.

Joseph Messore

Luca, 

Regardless of whether the customer is legitimate or not, transmitting any passwords to anyone or anywhere is still illegal.

I don't yet have the FSL, went to buy it the other day and card got declined because of the delight that is my Navigraph subscription. It'll be interesting to see the explanation, but not for one second do I believe that a reputable organisation that has created such a valued product for our community is at all capable of doing what I described above.

  • Like 3

Pete Driver
4 minutes ago, Ben Weston said:

Guys, please just hold off the flaming pitchforks until someone from FSL can give their side of the tale. 

It’s Sunday evening and this was only discovered in the last hour or two. Let’s see. 

I'm struggling to find any reason that's reasonable enough to warrant a virus as a means of DRM. Spin this however you like, but what they've done is highly unethical if not illegal. I too would like to hear the reasoning, but they have a huge burden to prove that they had no malice.

You can't backdoor a virus as a means of DRM.  

  • Like 7

Luca vom Bruch
6 minutes ago, CaptainJosephHD said:

Luca, 

Regardless of whether the customer is legitimate or not, transmitting any passwords to anyone or anywhere is still illegal.

Totally agree!

You can't backdoor a virus as a means of DRM.  

Yes, it is somewhat dodgy that they would just advise to disable anti-virus if this is triggered.

David Norfolk

Chaps, 

Let's keep the anger down until we know what’s going on. I understand how you’re all frustrated and demand answers; however, the only guys who can do that are the developers. Let’s hold tight & see what the response is.

  • Like 2

Scott Callaway
10 minutes ago, Ben Weston said:

Guys, please just hold off the flaming pitchforks until someone from FSL can give their side of the tale. 

It’s Sunday evening and this was only discovered in the last hour or two. Let’s see. 

I'm sorry, but there is no excuse to be putting malicious software onto a customer's computer. Regardless of whether it's for DRM or not. There are other ways to prevent piracy than to include dangerous code with the installer.

  • Like 2

Stephen F

Wasn't the initial installer for the update pulled shortly after going live? Is it from that batch of installers, or has everyone got it? How do you check? I have no signs of a test.exe on my system or any virus in any FSL folders.

Liam Giles
13 minutes ago, Stephen F said:

Wasn't the initial installer for the update pulled shortly after going live? Is it from that batch of installers, or has everyone got it? How do you check? I have no signs of a test.exe on my system or any virus in any FSL folders.

You would have to extract the .exe you downloaded, using one of the tools the Reddit thread mentioned in order to check.

Ian Griffith

I'm not too worried as our passwords would've been compromised for some time and we would've noticed it. However, if it's true they are indeed compromised, there is absolutely no excuse. There better be a good explanation for this.

Dean Johnston

If true I want the A319 for free xD #compensation 

  • Like 1
  • Haha 3

nabarun
Just now, DeanJohnston2717 said:

If true I want the A319 for free xD 

YOLO 
good luck on that

  • Haha 1

Stephen F

I'm no expert on this, but I extracted the core installer.exe file using 7-Zip and still nothing malicious.

Florian Niklas
2 minutes ago, Stephen F said:

I'm no expert on this, but I extracted the core installer.exe file using 7-Zip and still nothing malicious.

You need to use something like http://innounp.sourceforge.net/ in order to extract the content of the installer correctly. 7-Zip is not able to extract the "real" content - after that you'll find the file in the tmp folder.

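A defender-side check for the extraction step discussed above, as an added example (not part of any post in this thread, and not FSLabs or innounp code): once an installer has been unpacked into a folder, it lists every file that is a Windows executable by header rather than by extension, with its SHA-256 and whether it sits under the unpacker's temporary-files folder. The folder names `{app}` and `{tmp}`, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib, struct, sys, tempfile
from pathlib import Path

# Constructed minimal PE stub: "MZ", e_lfanew (at 0x3C) = 64, then "PE\0\0".
FAKE_PE = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(root, temp_dir="{tmp}"):
    """Return (relative path, sha256, in_temp) for every PE file under root."""
    root, rows = Path(root), []
    for p in sorted(root.rglob("*")):
        if p.is_file() and is_pe(p):
            rel = p.relative_to(root)
            # Assumption: the unpacker puts install-time-only files in temp_dir.
            in_temp = temp_dir.lower() in [part.lower() for part in rel.parts]
            rows.append((rel.as_posix(), sha256_of(p), in_temp))
    return rows

def build_sample(root):
    """Constructed stand-in for an unpacked installer (no real product files)."""
    files = {"{app}/Aircraft.dll": FAKE_PE, "{app}/notes.txt": b"hello",
             "{tmp}/test.exe": FAKE_PE, "{tmp}/readme.exe": b"plain text"}
    for rel, data in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        root = sys.argv[1] if len(sys.argv) > 1 else demo
        if root == demo:
            build_sample(demo)  # no folder given: run on the constructed tree
        for rel, digest, in_temp in inventory(root):
            print("TEMP-ONLY" if in_temp else "installed", digest, rel)
```

Executables listed as TEMP-ONLY are the ones that exist only while the installer runs, so they never appear in the installed product folder; their hashes can be compared between installer versions or looked up with an antivirus vendor.
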
Evan Hardin

To me, intent is irrelevant. The fact that it is there is highly suspect and probably illegal. 

  • Like 2

Lefteris Kalamaras

Hello all,

We were made aware there is a Reddit thread started tonight regarding our latest installer and how a tool is included in it that indiscriminately dumps Chrome passwords. That is not correct information - in fact, the Reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing.

I'd like to shed some light on what is actually going on.

1) First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number.

This method has already successfully provided information that we're using in our ongoing legal battles against such criminals.

We will be happy to provide further information to ensure that no customer feels threatened by our security measures - we assure you that there is nothing in our products that would ever damage the trust you have placed in our company by being our customer.

Kind regards,

Lefteris

  • Like 3
  • Thanks 5
  • Sad 1

Matt Gardiner

Sadly this is a massive privacy issue, even if it is being used for the right purposes assuming this is being installed on ALL PCs.

  • Like 6

Tobias Gruber
2 minutes ago, Lefteris Kalamaras said:

 

We will be happy to provide further information to ensure that no customer feels threatened by our security measures - we assure you that there is nothing in our products that would ever damage the trust you have placed in our company by being our customer.

 

I mean, even having such a measure in such a way in place is pretty damaging as far as trust towards the company goes....this is worrying at best...no DRM is perfect after all, I'm concerned about possible what-if scenarios if a legit customer gets caught out by it....

I would also question the legality of this whole thing, but I'm not a lawyer so I won't make any accusations of course.

  • Like 1

Lefteris Kalamaras
Just now, Snappy0 said:

Sadly this is a massive privacy issue, even if it is being used for the right purposes assuming this is being installed on ALL PCs.

It's not being installed - only temporarily extracted (by the nature of the installer) and then removed as soon as the installer finishes. It is never used on legitimate customers, only on verified pirate serial numbers.

  • Thanks 1

G€offr€y F€rnand€z

Snappy0, you'll have to change to your real name, you know?

"That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number. "

nextgeneric

The fact that malicious software, whether executed or not, is being put on our computers (or extracted then removed) is an absolutely huge breach of privacy. An installer that harvests user passwords, no less. There has to be something illegal about this.

This is like trying to find who robbed your house by subsequently breaking into their house to find out who they are.

DRM or not, this is absolutely unacceptable from any legitimate company. I am appalled.

  • Like 9
  • Thanks 1

Riccardo Masia
1 minute ago, Lefteris Kalamaras said:

It's not being installed - only temporarily extracted (by the nature of the installer) and then removed as soon as the installer finishes. It is never used on legitimate customers, only on verified pirate serial numbers.

But even so, do you guys have any legal grounds to obtain passwords from users that are trying to install pirated software?

  • Like 4

This topic is now closed to further replies.
