Security News

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems
2024-09-02 03:36

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in...

Roblox vendor data breach exposes dev conference attendee info
2024-07-08 13:56

Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees. [...]

Over a Dozen Malicious npm Packages Target Roblox Game Developers
2023-08-23 06:33

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. "The malicious packages reproduce code from the legitimate noblox.js package but add malicious, information-stealing functions," software threat researcher Lucija Valentić said in a Tuesday analysis.

Backdoored Chrome extension installed by 200,000 Roblox players
2022-11-23 11:07

Chrome browser extension 'SearchBlox' installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform. These extensions claim to let you "Search Roblox servers for a desired player... blazingly fast" but both contained the backdoor.

Roblox Game Pass store used to sell ransomware decryptor
2022-06-09 19:29

A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service's in-game Robux currency. Roblox is an online kids gaming platform where members can create their own games and monetize them by selling Game Passes, which provide in-game items, special access, or enhanced features.

Bizarre ransomware sells decryptor on Roblox Game Pass store
2022-06-09 19:29

A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service's in-game Robux currency. Roblox is an online kids gaming platform where members can create their own games and monetize them by selling Game Passes, which provide in-game items, special access, or enhanced features.

The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox gamers
2021-11-16 21:46

Js package by uploading similarly named packages that deliver ransomware to NPM, a registry for open source JavaScript libraries, and then promoting the malware-laden files via Discord, a messaging and chat service. Muir said those responsible are spreading malware by joining Discord servers with young users - according to Roblox, "[T]he majority of our users are under the age of 13" - to gain a position of trust and convince them to download a compromised library.

NPM packages disguised as Roblox API code caught carrying ransomware
2021-10-27 20:43

Security firm Sonatype on Wednesday said it had spotted two related malicious NPM libraries that were named so they might be mistaken for a popular legitimate module that serves as a Roblox API wrapper. Js, a Roblox game API wrapper available on NPM and as a standalone download. Roblox is a gaming platform with more than 40 million daily active users.

Roblox says hacker injected code that led to avatars’ gang rape
2018-07-20 11:29

Roblox was moving some older, user-generated games to a newer, more secure system when the attack took place, it says.

7-year-old’s avatar sexually assaulted on “family-friendly” Roblox
2018-07-05 10:09

Her shocked mother grabbed screenshots that show her daughter's avatar knocked flat and an unambiguous animation of a penis.