Roblox bug could damage millions of PCs and give data to hackers

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

EXECUTIVE SUMMARY:

Roblox is an immensely popular children’s game system. In 2021, the gaming platform grew from 32.6 million daily active users to nearly 50 million, across 180 countries. Over 30.6 billion hours of engagement have been logged. More than 50% of American children have played Roblox games and nearly 66% of American children between the ages of 9 and 12 use the platform.

On this account, it’s little surprise that hackers wish to attach themselves to the Roblox service. Per Check Point Research, Roblox was the 8th-most impersonated brand during the first quarter of 2022, ahead of both Paypal and Apple.

Roblox bug discovery

The initial hint of a hacker surfaced in March of 2022, as researchers uncovered a Trojan file hidden within a legitimate scripting engine that’s used for cheat code in Roblox. The tool installs an executable file, which installs library files onto the Windows system folder. In turn, this enables the program to potentially break applications, corrupt or remove data or exfiltrate information to hackers.

How a Roblox cyber attack works – technical details

In this attack, hackers install a self-executing program in Windows, via a Roblox scripting engine. The file was originally found in OneDrive. Avanan managed to scan and block the file.

Vector: Downloadable file Type: Malware Techniques: Backdoor Trojan, malicious file injection Target: Any end-user

Within the attack, hackers inject three files, including a backdoor, into a scripting engine used by Roblox.

Roblox cyber attack technique

Hackers are exploiting a

Read more

Explore the site

More from the blog

Latest News