[archive] Tips to help keep you safe from malicious plugins

I have archived all of my topics created before 2024 due to being outdated or possibly having misinformation.

I made these when I was a lot younger and don’t think they’re very good, so I’ve gone ahead and archived them. You can still read my old topics if you want, but they won’t be of very good quality.

Archived topic

Intro

Malicious plugins on the Roblox website are a huge issue. This topic will be showing you how to keep yourself safe from installing those bad plugins.


What can they do?

Plugins can do many things to your game. They can load scripts into your game (this is kind of solved by Roblox’s new feature for verifying if plugins can load scripts, but some people may allow it anyway) that could do stuff like teleporting the players to a different game, asking them to buy clothing through the MarketplaceService, and other things your normal virus script can do. Since they are part of Studio, they could just destroy the game entirely.

What should I do to protect myself?

Before we start, I would just like to say that I do not recommend getting plugins from the website. I would get them from the DevForum or Roblox Studio’s toolbox. Many plugins on the website could be malicious.
This will show you a few ways to keep yourself safe from bad plugins on the website if you still want to get them from there.

1. Check if it is by the actual creator.

If it is by a group that is named after a developer, it is most likely a virus. The reason they do this is because in the creator name, it looks like it is made by the developer but when you click it, it is just a group. Like here:
[image, taken from @sleitnick’s video]

2. If the name looks suspicious, then it’s most likely a virus.

Names like “FrontPlugins” or “Creator Studio” or “PluginsRoblox” are not really normal names for creators. If you think the name is suspicious, always check the place you are getting it from. Click the group or person, look at their join date and well… just look into where you are getting it from is what I am saying. That moves on to the next part:

3. Check the join date of the plugin creator.

Make sure to check the join date of the person you are getting it from. If it’s a group, then I believe you can’t check the join date. If the account is extremely new, then it’s most likely fake. This won’t always work as sometimes they make the plugins on hacked accounts, which can sometimes be old.

4. Plugins from the Roblox Studio Toolbox are not viruses.

The toolbox and the website are completely different with how they work.

(This is what I believe, so correct me if I am wrong)

From what I believe, toolbox plugins are manually put on there instead of automatic. This means that it is checked by someone before being put on there. The website page is automatic, any plugin can appear there.

Roblox Studio Toolbox: [image]

Website: [image]

5. DevForum plugins are usually not viruses.

If you got the plugin from the DevForum, then it is most likely not a virus. All free plugins are open source, so developers would be able to look into the code. Considering the DevForum is filled with developers, if someone posts a virus on here then it would probably be found out extremely quickly and get deleted.

6. Not for everyone, but look through the code of the plugin.

I wouldn’t always recommend it as it takes a lot of time, but if you understand Lua then you can look through the source. Note: you can only do this with free plugins or plugins you own. Here’s how:

Type this into your command bar and change “ID_HERE” to the plugin ID.

for _, object in pairs(game:GetObjects("rbxassetid://ID_HERE")) do object.Parent = workspace end

Press enter. The code will be in workspace.


Thanks for reading this. I will add more tips if you have some in the replies.

20 Likes
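As a follow-up to tip 6, here is an added example (not part of the original post) of a Luau command-bar script that loads the plugin asset the same way and lists the source lines worth reading first. The marker list and the `scanSource` helper are assumptions made for this example, picked from the behaviours the post describes; `ID_HERE` is still a placeholder for the plugin ID.

```lua
-- Added example: run from the Roblox Studio command bar.
-- PLUGIN_ID is a placeholder; replace ID_HERE with the plugin's asset ID.
local PLUGIN_ID = "ID_HERE"

-- Plain-text markers tied to the behaviours described in this topic.
-- Constructed, non-exhaustive list: a hit means "read this line", not "malicious".
local MARKERS = {
	"TeleportService",    -- teleporting players to a different game
	"MarketplaceService", -- purchase prompts
	"InsertService",      -- loading other assets into the place
	"HttpService",        -- talking to outside servers
	"require(",           -- loading a module, possibly by asset ID
	"getfenv",            -- often used to hide which functions are called
	"loadstring",         -- running code that is built at run time
}

-- Hypothetical helper: reports every line of `source` containing a marker
-- and returns how many hits it found.
local function scanSource(name, source)
	local hits = 0
	local lineNumber = 0
	for line in (source .. "\n"):gmatch("(.-)\r?\n") do
		lineNumber += 1
		for _, marker in ipairs(MARKERS) do
			if line:find(marker, 1, true) then -- plain find, no patterns
				hits += 1
				warn(string.format("%s:%d [%s] %s", name, lineNumber, marker, line:sub(1, 120)))
			end
		end
	end
	return hits
end

local total = 0
for _, root in ipairs(game:GetObjects("rbxassetid://" .. PLUGIN_ID)) do
	-- The loaded objects are only read here; they are never parented
	-- into the place, so nothing from the plugin is added to your game.
	local containers = root:GetDescendants()
	table.insert(containers, root)
	for _, inst in ipairs(containers) do
		if inst:IsA("LuaSourceContainer") then
			total += scanSource(inst:GetFullName(), inst.Source)
		end
	end
end
print(string.format("Scan finished: %d line(s) to review", total))
```

A clean result does not prove the plugin is safe, because obfuscated code will not contain these strings; source that is an unreadable wall of text deserves the same suspicion as a hit.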