
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Flight Simulator Distributing Malware to Thwart Software Pirates

March 9, 2018 By Tanner Harrison

Exposure of personal information on the internet has become an increasingly hot topic over the past few years, especially given how many sites have leaked users' PII (personally identifiable information). The most publicized attacks are usually hackers breaking into company systems to gather information (Equifax, for example). Another type of attack that doesn't get enough attention, though, is companies distributing malware with their own public software releases.

Recently, Reddit users exposed a popular flight simulator for distributing malware, in what the developer claimed was an attempt to stop software piracy. Fidus Information Security was the first to investigate the issue after hearing about the Reddit post. They found that the payload was designed to steal login credentials from web browsers using a Chrome password-dumping tool by SecurityXploded. The most baffling part of this situation is that the stolen passwords were Base64-encoded and sent over HTTP, yes HTTP, to a log collection server with RDP access open to the internet. Many questions have come up from this incident, but the most popular ones are: What were they using the passwords for? And how securely did they store them?
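The exfiltration pattern described above (credentials Base64-encoded and posted over plaintext HTTP) is something a defender can hunt for in proxy or web logs. The following is an added example, not code from the article or from Fidus; the log entries are constructed here to simulate the traffic, and the field names are assumptions about whatever log format you actually have.

```python
import base64
import binascii
import re

def _b64(text: str) -> str:
    """Helper used only to build the constructed sample entries below."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

# Constructed sample proxy log entries (not real traffic). Entry 0 mimics the
# article's pattern: a Base64 body with browser credentials sent to a bare IP over HTTP.
SAMPLE_LOG = [
    {"method": "POST", "scheme": "http", "host": "203.0.113.10", "path": "/log",
     "body": _b64("url=https://mail.example.com\nuser=alice\npass=Winter2018!")},
    {"method": "POST", "scheme": "https", "host": "api.example.com", "path": "/v1/events",
     "body": _b64('{"event": "click", "id": 42}')},
    {"method": "GET", "scheme": "http", "host": "cdn.example.net", "path": "/img.png", "body": ""},
    {"method": "POST", "scheme": "http", "host": "198.51.100.7", "path": "/upload", "body": "not base64!!"},
]

CRED_KEY = re.compile(r"\b(pass(?:word)?|pwd)(\s*[=:]\s*)", re.IGNORECASE)
URL_RE = re.compile(r"https?://")

def decode_base64_text(body: str):
    """Strictly decode a Base64 body; return the text only if it is human-readable."""
    try:
        raw = base64.b64decode(body, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if not text or not all(c.isprintable() or c.isspace() for c in text):
        return None
    return text

def redact_secrets(text: str) -> str:
    """Never copy a harvested password into an alert; keep only the key and site."""
    return re.sub(CRED_KEY.pattern + r"\S+", r"\1\2[REDACTED]", text, flags=re.IGNORECASE)

def detect_plaintext_credential_exfil(entries):
    """Flag plaintext-HTTP POSTs whose Base64 body decodes to URL + credential pairs."""
    alerts = []
    for e in entries:
        if e["method"] != "POST" or e["scheme"] != "http" or not e["body"]:
            continue
        text = decode_base64_text(e["body"])
        if text and CRED_KEY.search(text) and URL_RE.search(text):
            alerts.append({"host": e["host"], "path": e["path"], "decoded": redact_secrets(text)})
    return alerts

if __name__ == "__main__":
    for alert in detect_plaintext_credential_exfil(SAMPLE_LOG):
        print(alert)
```

The same check applied to HTTPS traffic would require TLS inspection at the proxy; here it is limited to plaintext HTTP because that is what the article describes.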

This is not the first time that a company has distributed malware without the user's knowledge. The most notable case was a few years ago, when ESEA, a gaming client for CS:GO (Counter-Strike: Global Offensive), was exposed for distributing an active Bitcoin miner, which it claimed was an April Fools joke after it had made roughly $3000. What ESEA did was punishable under the Internet Spyware Prevention Act, and US regulators hit ESEA with a $1m fine for installing a Bitcoin miner in its software.

As stated in the spyware prevention act: “Whoever intentionally accesses a protected computer without authorization, or exceeds authorized access to a protected computer, by causing a computer program or code to be copied onto the protected computer, and intentionally uses that program or code in furtherance of another Federal criminal offense shall be fined under this title or imprisoned not more than 5 years, or both.”

How can you keep yourself protected?

1. Avoid using your browser's auto-fill or built-in password manager.

2. Use a third-party password manager. My personal favorites are KeePass and LastPass. Another good option to consider is 1Password.

3. Use a different password for every site that you visit. Most password manager tools include an option for generating a unique, longer passphrase.

4. Use two-factor authentication whenever possible. You can see a list of sites that support 2FA here: https://twofactorauth.org/

-Tanner Harrison

Filed Under: Editorial Articles Tagged With: Infosec news, Malware