With nearly 50 million active users, it’s no surprise that cybercriminals continue to target the popular online game Roblox with all kinds of scams and attacks.
According to new research from Check Point, Avanan researchers have discovered a Trojan horse file hidden in the legitimate Synapse X scripting tool, which is used to inject exploits or cheat codes into Roblox.
Cybercriminals have started using Synapse X to install a self-executing program on Windows PCs that installs library files to the Windows system folder. This has the potential to break applications, corrupt or delete data, or even send information back to the cybercriminals responsible.
Avanan researchers first discovered the Trojan horse file used in the latest round of Roblox attacks in a customer’s OneDrive. While the client could have uploaded it to their cloud storage by mistake, the cloud messaging and collaboration security company scanned the file and labeled it as malicious.
Endangering family and even work PCs
The specific version of Synapse X used in these attacks on Roblox users drops three files onto a victim’s system, one of which is a backdoor Trojan.
From there, the Trojan installs library files (DLLs) in the victim’s Windows system folder, where the malicious code can be perpetually referenced by Windows and continue to function.
In addition to being able to break apps and listen to files, these attacks are of particular concern given that Roblox is primarily played by children. As a result, the Trojan can easily be installed on a personal computer which may not even have anti-virus software installed. However, there is also a business risk, as employees working from home may let their children play Roblox on their work laptops.
After finding this new Trojan targeting Roblox users, Avanan contacted Roblox Corporation via email, and the two plan to connect further over the phone regarding the issue.
To protect your devices from these types of attacks, Check Point recommends that users avoid downloading files from untrusted sites, use malware scanning when accessing cloud storage services such as OneDrive and Google Drive, and install antivirus software on all their personal computers.
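A defender-side check for the behaviour described above (DLLs dropped into the Windows system folder), as an added example that is not from Avanan or Check Point: it lists DLLs in the system folders that were created or modified recently and lack a valid Authenticode signature. The seven-day window and the two folders checked are assumptions; a hit is a lead for a malware scan, not proof of infection.

```powershell
# Added example: triage recently written DLLs in the Windows system folders.
param(
    [int]$Days = 7   # look-back window (assumed; set it to cover the suspected install date)
)

$cutoff = (Get-Date).AddDays(-$Days)

# System32 plus the 32-bit system folder, if it exists on this machine.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path $_ }

$findings = foreach ($dir in $dirs) {
    Get-ChildItem -Path $dir -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        # Timestamps can be forged, so a clean result does not rule out a dropped DLL.
        Where-Object { $_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Keep only files whose signature is missing, broken or untrusted.
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Modified  = $_.LastWriteTime
                    SigStatus = $sig.Status
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Newest first; submit the hashes or files to your antivirus for a verdict.
$findings | Sort-Object Created -Descending | Format-Table -AutoSize
```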