Hackers exploit a scripting engine used for Roblox to insert a Trojan file that can break applications, corrupt or remove data, and send information to malicious actors.
Cybercriminals continue targeting Roblox, one of the most popular game systems globally, with over 50 million daily users. In April 2021, the Cybernews team investigation found that the Roblox app on Android appears to have numerous potential security issues under the hood that could put the platform and its players at risk.
Avanan, a Check Point company, uncovered a Trojan file hidden within a legitimate scripting engine, Synapse X, used for cheat code in Roblox.
Synapse X is legitimate and has safe files. However, its techniques can be easily exploited for malware. Avanan observed that a specific version of the tool drops three files, one of which is a backdoor Trojan. It found a malicious file in one of its customer’s OneDrive. The company did not specify how many users might have been affected.
“Trojans like this can break applications, corrupt or remove data and send information to the hacker,” the company noted.
It reached out to Roblox so that the company could up its security game.
“Beyond the ability to break applications and listen to files, what’s particularly concerning about this attack is that kids primarily play Roblox. That means that it can easily be installed on a personal computer, which might have little or no antivirus protection,” Avanan said.
In January’s report, Roblox highlighted that they had nearly 50 million daily users last year, up from 33 million in 2020. The company also said that experiences that “simulate real-life activities such as school and family dominated the list of the most popular genres on Roblox in 2021 and got twice as much engagement time from the year before.”
Security researchers pointed out a corporate risk as people working from home might install games on their work computers.
“Further, it’s not unreasonable to think that kids might play Roblox on their parent’s computer and install the file,” it said.
More from Cybernews:
Subscribe to our newsletter