Code injection

2018-02-2000:29:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.2%

JSON

The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user’s Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.

CPENameOperatorVersion
a320-xeq2.0.1.231

CPE	Name	Operator	Version
	a320-x	eq	2.0.1.231

References

forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/

medium.com/@lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368

www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/