Roblox is one of the most popular games, with over 50 million daily active users globally. At least two-thirds of American kids between 9 and 12 years old use the platform. At one point, half of American kids were playing Roblox.
Avanan researchers found that hackers were installing a self-executing program that drops three executable library files (DLLs) into the Windows system folder.
Synapse X injects trojan code into Roblox scripts to install malicious libraries
One of the malicious files contains trojan code and could be referenced by Windows to run persistently, possibly as a Windows service or background process. The infected trojan file hidden in the Windows system folder has the ability to break applications, corrupt or remove data and communicate with hackers.
Those privileges could allow hackers to deploy additional payloads or encrypt data using ransomware.
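As a defensive illustration of the behaviour described above (one program writing three DLLs into the Windows system folder), the following added example, which is not from Avanan or the original article, flags that pattern in file-creation telemetry. It assumes records shaped like Sysmon Event ID 11 (FileCreate); the trusted path list, the thresholds and every sample path and file name are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
# Assumption: processes running from these roots may legitimately write system DLLs.
TRUSTED_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\servicing\\", "c:\\windows\\winsxs\\")

def is_system_dll(path):
    """True when path is a .dll placed directly in a Windows system folder."""
    p = PureWindowsPath(path.lower())
    return p.suffix == ".dll" and str(p.parent) in SYSTEM_DIRS

def find_dll_drops(events, min_files=3, window=timedelta(seconds=60)):
    """Return {ProcessGuid: [paths]} for untrusted processes that create at
    least min_files distinct system-folder DLLs within the time window."""
    by_proc = defaultdict(list)
    for ev in events:
        if ev["EventID"] != 11 or ev["Image"].lower().startswith(TRUSTED_ROOTS):
            continue
        if is_system_dll(ev["TargetFilename"]):
            ts = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
            by_proc[ev["ProcessGuid"]].append((ts, ev["TargetFilename"]))
    hits = {}
    for guid, writes in by_proc.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            # Distinct files written within the window that opens at this write.
            burst = {f.lower(): f for t, f in writes[i:] if t - start <= window}
            if len(burst) >= min_files:
                hits[guid] = sorted(burst.values())
                break
    return hits

def _ev(clock, guid, image, target):
    return {"EventID": 11, "UtcTime": f"2022-01-01 {clock}", "ProcessGuid": guid,
            "Image": image, "TargetFilename": target}

# Constructed sample telemetry; none of these names come from the report.
SAMPLE_EVENTS = [
    _ev("10:00:00.100", "{1111}", r"C:\Users\kid\Downloads\setup_example.exe", r"C:\Windows\System32\example_a.dll"),
    _ev("10:00:00.900", "{1111}", r"C:\Users\kid\Downloads\setup_example.exe", r"C:\Windows\System32\example_b.dll"),
    _ev("10:00:02.000", "{1111}", r"C:\Users\kid\Downloads\setup_example.exe", r"C:\Windows\System32\example_c.dll"),
    _ev("10:05:00.000", "{2222}", r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\vendor_a.dll"),
    _ev("10:05:00.200", "{2222}", r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\vendor_b.dll"),
    _ev("10:05:00.400", "{2222}", r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\vendor_c.dll"),
    _ev("10:09:00.000", "{3333}", r"C:\Program Files\App\updater.exe", r"C:\Windows\System32\single.dll"),
    _ev("10:09:00.500", "{3333}", r"C:\Program Files\App\updater.exe", r"C:\Program Files\App\plugin.dll"),
]

if __name__ == "__main__":
    for guid, files in find_dll_drops(SAMPLE_EVENTS).items():
        print(guid, files)
```

A hit is a lead for triage rather than a verdict: checking the flagged DLLs' signatures and the origin of the writing process is the natural next step.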
Avanan discovered the trojan code file in a customer’s OneDrive folder, likely uploaded by accident.
The researchers warned that the malware targeting the children’s game could pose serious cybersecurity risks, especially for unsecured devices.
“Beyond the ability to break applications and listen to files, what’s particularly concerning about this attack is the fact that Roblox is primarily played by kids,” Avanan stated. “That means that it can easily be installed on a personal computer, which might have little or no antivirus protection.”
The trojan code posed a corporate cybersecurity risk because employees could inadvertently copy the malicious files from infected devices. Additionally, children using their parents’ work computers to play the Roblox game could install the compromised Synapse X scripting engine to obtain cheat codes during work-from-home periods.
Cybersecurity risks with third-party tools
Avanan reported the exploit to the game maker, who vehemently disputed the report, describing it as “misleading.” Roblox asserted that the compromise was in the Synapse X scripting engine and not the Roblox children’s game.
Additionally, Roblox stated that using third-party tools like Synapse X to circumvent game restrictions violated its terms.
“Using third-party services to circumvent specific systems is also against our Terms of Service,” the company responded. “Roblox maintains many systems to keep our users safe and secure, and we prohibit attempts to bypass these systems or otherwise violate our platform requirements.”
The researchers did not explain how the hackers compromised the Synapse X scripting engine and successfully inserted the trojan code. However, they clarified that Synapse X is a legitimate scripting tool with safe files.
Avanan discouraged users from downloading files from untrusted sites on their work devices.
Additionally, they should install antivirus software on all computers, including personal devices. Users should also scan files downloaded from hosting services to avoid self-infection with backdoor trojans and other threats.