Is the Re-uploaded Moon Animator 2 Plugin a Backdoor?

In short, I’m referring to the re-uploaded Moon Animator 2 plugin made by 1Alt_Unknown1. I became hyper-paranoid when testing it out.

The reason for my concern is that when I looked in 1Alt_Unknown1’s inventory, I noticed a lot of SS scripts and a code obfuscator, which I suspect to be backdoors and executors.

Upon looking into the scripts in the re-uploaded Moon Animator 2 plugin, I either missed or didn’t find any potential backdoors. I checked for common things like require, getfenv, string.reverse, pcall, and others, but I didn’t check all of them. Furthermore, I found that it isn’t a copy of Dexmand’s Moon Animator 2.

I would greatly appreciate it if someone could help look into this, as being paranoid isn’t helpful to game development. If I am wrong about anything, then please correct me.

Note: I scanned the plugin with three antivirus programs (not the paid ones), but they didn’t detect anything suspicious. I also inspected the core GUI, and it seemed fine, although I might have missed something. Searching for require or anything like that might not work because the code could be obfuscated, and I also have no idea if the plugin actually injects into CoreGUI.

Moon-Animator-2-Crack/init_crack_V31200.lua at main · Lozarth/Moon-Animator-2-Crack · GitHub

Moon Animator 2 free - Creator Store (roblox.com)

I should mention that it doesn’t use any HTTPS requests, so it doesn’t rely on third-party dependencies like Discord APIs, for example. Additionally, I searched for terms like “Luraph,” “IlI (ili),” “IronBrew,” “MoonStep,” and “PSU,” but found no matches. I also searched for his three newest models and pasted in their IDs, but again, no matches were found. However, I didn’t double-check it thoroughly, so I can’t guarantee that it doesn’t contain any of these.

I’m pretty sure it didn’t prompt for an injection when I tried to use it, but it’s possible that I just clicked the box where it wouldn’t ask me that, so that’s likely. However, this plugin has been active since December 29, 2022, and backdoors usually get banned within a matter of weeks.

Feel free to correct me if needed. And I would still not recommend using it even if I can’t find concrete evidence of it being a backdoor.

And regarding Dexmand/Lozarth being a backdoor, it’s actually not a backdoor (I assumed it when I saw it since I wasn’t in the mood to decode it at the time), at least from what I read on their GitHub. I would still recommend not using the current version. But what that line of code actually does is that if you’re not a member of one of the 14 groups and not a specific rank, then it will display an error message and something about not having an enterprise license, and the plugin will stop working.

I didn’t test it out, but the current version probably removed it. I am guessing that this was a previous version before he released it on YouTube, and that he removed that line when he released it.

If you come across this re-uploaded Moon Animator, I would advise against using it because the current one could be a lot more shady. Also, I should mention that when I post the links to the plugins, please don’t actually install them. I included them to caution you about potential risks associated with these two specific re-uploaded plugins and so you can have quicker access to uninstalling them.

Follow-up, regarding the alt plugin (not Dexmand), I would conclude that it probably isn’t a backdoor/virus. I am not 100% sure, but I can’t find any evidence of code obfuscation, no weird requirement of external modules like SS scripts. Even if it requires an external module, it will log its output. Also, there was no prompt asking to modify or inject any scripts, and it doesn’t use any HTTPS requests, which many backdoors are using nowadays. Additionally, it was published on an actual used Roblox account, not a throwaway account. Furthermore, it was published during 2021 (there are still backdoors that haven’t been moderated even if they were published in 2021 or before) and sorry for a lot of yapping lol.

I just noticed this, but 1Alt_Unknown1’s plugin got taken down. Idk if it was banned because it was malicious or because of blatant copyright. Lozarth’s Moon Animator also got taken down. Ig Roblox figured to do something about it or the Moon Animator owner DMCA’d or something. ¯\_(ツ)_/¯
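The keyword search described in the post, and its concern that a plain search misses obfuscated names, as an added example that is not part of the original post and is not code from either plugin. It scans exported Lua source for the listed terms and also looks inside string literals for names spelled with decimal escapes or reversed; `loadstring`, `HttpService`, the regexes, the `[Il]` identifier pattern and the file name `Plugin.lua` are assumptions.

```python
import re

# Search terms come from the post; loadstring, HttpService and the regexes
# are assumptions made for this example.
RULES = {
    "require-by-asset-id": re.compile(r"\brequire\s*\(\s*\d{5,}\s*\)"),
    "getfenv": re.compile(r"\bgetfenv\b"),
    "string.reverse": re.compile(r"\bstring\.reverse\b|:reverse\s*\("),
    "loadstring": re.compile(r"\bloadstring\b"),
    "HttpService": re.compile(r"HttpService"),
    "obfuscator-marker": re.compile(r"Luraph|IronBrew|MoonStep|\bPSU\b|\b[Il]{6,}\b"),
    "decimal-escape-run": re.compile(r"(?:\\\d{1,3}){4,}"),
}
ESCAPE = re.compile(r"\\(\d{1,3})")
STRING = re.compile(r"\"([^\"\n]*)\"|'([^'\n]*)'")
HIDDEN = ("require", "getfenv", "loadstring", "HttpService")

def decode_escapes(s):
    """Expand Lua decimal escapes so a name spelled as byte codes is readable."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1))), s)

def hidden_names(line):
    """Names that appear only escaped or reversed inside a string literal."""
    found = set()
    for m in STRING.finditer(line):
        raw = m.group(1) or m.group(2) or ""
        decoded = decode_escapes(raw)
        for name in HIDDEN:
            if name not in raw and (name in decoded or name in decoded[::-1]):
                found.add(name)
    return found

def scan_source(name, text):
    """Return (file, line_no, indicator) tuples for one exported Lua source."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        hits = [rule for rule, rx in RULES.items() if rx.search(line)]
        hits += [f"hidden:{n}" for n in sorted(hidden_names(line))]
        findings += [(name, no, h) for h in hits]
    return findings

SAMPLE = r'''-- constructed sample, not taken from either plugin
local ok = pcall(function() return require(script.Parent.Util) end)
local f = getfenv()["\114\101\113\117\105\114\101"]
f(1234567890)
local g = ("eriuqer"):reverse()
'''

if __name__ == "__main__": print(*scan_source("Plugin.lua", SAMPLE), sep="\n")
```

A clean result only means none of these patterns matched; a hit is a line to read by hand, not proof of a backdoor.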