Roblox Exploited with Trojans
Roblox is one of the most popular game systems in the world. In 2021, this gaming platform grew from 32.6 million daily active users to nearly 50 million, across 180 countries. At one point, over half of American kids were playing Roblox. Beyond that, two-thirds of all kids in the U.S. between ages 9 and 12 use the platform.
It’s no surprise, then, that hackers are looking to attach themselves to this service. According to Check Point Research, Roblox was the 8th-most impersonated brand in the first quarter of 2022, ahead of PayPal and Apple.
Now, a more malicious attack is afoot.
Starting in March 2022, Avanan researchers uncovered a Trojan file that was hidden within a legitimate scripting engine that’s used for cheat code in Roblox. The tool installs an executable file that installs library files into the Windows system folder, giving the program the potential to break applications, corrupt or remove data, or send information back to the hacker. In this attack brief, Avanan will analyze how hackers are installing backdoor Trojans via Roblox scripts.
In this attack, hackers are installing a self-executing program in Windows, via a Roblox scripting engine.
The file was originally found in OneDrive; Avanan then scanned and blocked the file.
Vector: Downloadable File
Techniques: Backdoor Trojan, Malicious file injection
Target: Any end-user
In this attack, threat actors are injecting three files, one of which is a backdoor, into a scripting engine used by Roblox.
Email Example #1
This video shows how the program, called Synapse X, installs itself
Email Example #2
The threat report shows the characteristics that make this file dangerous.
Hackers are exploiting a scripting engine used for Roblox to insert malicious files, one of which is a backdoor trojan.
The tool, called Synapse X, has a legitimate purpose and contains safe files.
The tool, however, uses techniques that are also being used by malicious programs and can be easily exploited for malware.
The specific version of the tool observed here drops three files, one of which is a backdoor Trojan.
This file installs library files (DLLs) into the Windows system folder. The malicious code can be perpetually referenced by Windows and remains running. Trojans like this can break applications, corrupt or remove data, and send information to the hacker.
We found this file in a customer’s OneDrive. It’s possible the customer uploaded it by mistake. Avanan scanned and found the file malicious.
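The drop pattern described above (an executable writing DLLs into the Windows system folder) can be hunted in file-creation telemetry. The following is an added example, not code from Avanan or from the tool discussed: it assumes events shaped like Sysmon Event ID 11 (FileCreate) records, and the sample events, the trusted-writer list and the function names are all constructed for illustration.

```python
import ntpath

# Constructed events using Sysmon Event ID 11 (FileCreate) field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\kid\Downloads\loader.exe",
     "TargetFilename": r"C:\Windows\System32\helper_a.dll"},
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Windows\System32\vendor.dll"},
    {"Image": r"C:\Program Files\Tool\setup.exe",
     "TargetFilename": r"C:\WINDOWS\SysWOW64\helper_b.DLL"},
    {"Image": r"C:\Users\kid\Downloads\loader.exe",
     "TargetFilename": r"C:\Windows\System32\..\Temp\cache.dll"},
]

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumption: processes expected to write into the system folders.
TRUSTED_WRITERS = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\servicing\trustedinstaller.exe",
}
USER_PROFILE_ROOT = "c:\\users\\"

def norm(path):
    """Collapse '..' segments and case so prefix checks cannot be sidestepped."""
    return ntpath.normpath(path).lower()

def is_system_dll(target):
    target = norm(target)
    folder = ntpath.dirname(target)
    in_system = any(folder == d or folder.startswith(d + "\\") for d in SYSTEM_DIRS)
    return in_system and target.endswith(".dll")

def find_suspicious_dll_drops(events):
    """Return (severity, writer, dll) for DLLs written into system folders
    by a process outside the trusted-writer list."""
    findings = []
    for ev in events:
        writer = norm(ev["Image"])
        if not is_system_dll(ev["TargetFilename"]) or writer in TRUSTED_WRITERS:
            continue
        # A writer launched from a user profile (Downloads, OneDrive sync
        # folder) matches the drop pattern in the brief most closely.
        severity = "high" if writer.startswith(USER_PROFILE_ROOT) else "medium"
        findings.append((severity, writer, norm(ev["TargetFilename"])))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_dll_drops(SAMPLE_EVENTS):
        print(finding)
```

The trusted-writer list needs tuning per environment, since legitimate installers and updaters also write DLLs into these folders.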
Beyond the ability to break applications and listen to files, what’s particularly concerning about this attack is the fact that Roblox is primarily played by kids. That means that it can easily be installed on a personal computer, which might have little or no antivirus protection.
Of course, there’s a corporate risk as well. As we continue to work from home, employees may install such files on their work computers. Without it being uploaded to a service like OneDrive or Google Drive, it may not be discovered.
Further, it’s not unreasonable to think that kids might play Roblox on their parent’s computer and install the file.
This malicious file perfectly illustrates the importance of zero-trust security. In this disparate, work-from-home era, threats are everywhere, including in children’s games.
Best Practices: Guidance and Recommendations
To guard against these attacks, security professionals can do the following:
Remind users to not download files from untrusted sites onto work computers
Employ malware scanning security in file-sharing apps such as OneDrive or Google
Deploy antivirus software on all computers, including personal ones