Roblox cheaters targeted by cybercriminals offering malicious gaming ‘hacks’


Dozens of malware variants targeting Roblox players have appeared online, taking the form of Python packages, Github repositories, and executable files. Cybersecurity researchers from Imperva warn that many of them were downloaded hundreds of times, with cybercrooks stealing money, data, and accounts.

The competitive gaming environment often causes some players to look for help via third-party programs and so-called ‘game hacks.’ Cybercriminals have found this trend to be a gold mine.

Imperva Threat Research has identified an ongoing malware campaign specifically targeting Roblox hackers.

ADVERTISEMENT

“Young gamers, often focused solely on enhancing their performance and experience, tend to act carelessly, making them more vulnerable to these traps. This recklessness can ultimately lead to the exposure of their sensitive data,” the report by Imperva Threat Research warns.

Roblox is a popular online gaming platform open to multiplayer game creators. One of the most popular games on the platform, visited 2.6 billion times, is Da Hood, which allows players to choose the role of a police officer or a criminal and participate in or combat gang activities.

Many players opt to install cheats or external modifications that help them in the game. While some mods may change the game's look or behavior, others offer certain advantages during competitive gameplay, such as aim assist, which enhances accuracy in shooter games.

Multiple packages were crafted to exploit Da Hood cheaters and disseminated on Github, Discord, and YouTube.

Most of them are malicious Python packages uploaded on PyPI (Python Package Index), the official repository for third-party Python software packages. Some Windows binaries were also discovered hiding a toxic payload – well-known info stealer malware variants such as Skuld Stealer and Blank Grabber.

The Skuld Stealer is designed to extract sensitive data from Discord, browsers, and cryptocurrency wallets, including credit card data, cookies, browsing history, and login credentials. It exploits the Windows auto-elevation feature to elevate privileges and gain access to all user sessions on a system. The Blank Grabber infostealer is similar.

The malicious packages are frequently updated to evade detection. What makes matters worse is that young gamers are encouraged to disable antivirus software and real-time protection in order to allow cheats to run, leaving them without any protection.

Malware from one of the more popular repositories on Github, called ‘Zwerve-External’, was downloaded more than 3,000 times. Researchers found copies of the malicious binary renamed to “RealtekHDAudioManager.exe,’ likely to avoid detection. Some of malicious repositories were still available at the time of writing.

ADVERTISEMENT