In short, I’m referring to the re-uploaded Moon Animator 2 plugin made by 1Alt_Unknown1. I became hyper-paranoid when testing it out.
The reason for my concern is that when I looked in 1Alt_Unknown1’s inventory, I noticed a lot of SS scripts and a code obfuscator, I suspect to be backdoors and executors.
Upon looking into the scripts in the re-uploaded Moon Animator 2 plugin, I either missed or didn’t find any potential backdoors. I checked for common things like require, getfenv, string.reverse, pcall, and others, but I didn’t check all of them. Furthermore, I found that it isn’t a copy of Dexmand’s Moon Animator 2.
I would greatly appreciate it if someone could help look into this, as being paranoid isn’t helpful to game development. If I am wrong about anything, then please correct me.
Note: I scanned the plugin with three antivirus programs (not the paid ones), but they didn’t detect anything suspicious. I also inspected the core GUI, and it seemed fine, although I might have missed something. Searching for require or anything like that might not work because the code could be obfuscated, and I also have no idea if the plugin actually injects into CoreGUI.
Moon-Animator-2-Crack/init_crack_V31200.lua at main · Lozarth/Moon-Animator-2-Crack · GitHub
Moon Animator 2 free - Creator Store (roblox.com)
I should mention that it doesn’t use any HTTPS requests, so it doesn’t rely on third-party dependencies like Discord APIs, for example. Additionally, I searched for terms like “Luraph,” “IlI (ili),” “IronBrew,” “MoonStep,” and “PSU,” but found no matches. I also searched for his three newest models and pasted in their IDs, but again, no matches were found. However, I didn’t double-check it thoroughly, so I can’t guarantee that it doesn’t contain any of these.
I’m pretty sure it didn’t prompt for an injection when I tried to use it, but it’s possible that I just clicked the box where it wouldn’t ask me that, so that’s likely. However, this plugin has been active since December 29, 2022, and backdoors usually get banned within a matter of weeks.
Feel free to correct me if needed. And I would still not recommend using it even if I can’t find concrete evidence of it being a backdoor.
And regarding Dexmand/Lozarth being a backdoor, it’s actually not a backdoor (I assumed it when I saw it since I wasn’t in the mood to decode it at the time), at least from what I read on their GitHub. I would still recommend not using the current version. But what that line of code actually does is that if you’re not a member of one of the 14 groups and not a specific rank, then it will display an error message and something about not having an enterprise license, and the plugin will stop working.
I didn’t test it out, but the current version probably removed it. I am guessing that this was a previous version before he released it on YouTube, and that he removed that line when he released it.
If you come across this re-uploaded Moon Animator, I would advise against using it because the current one could be a lot more shady. Also, I should mention that when I post the links to the plugins, please don’t actually install them. I included them to caution you about potential risks associated with these two specific re-uploaded plugins and so you can have quicker access to uninstalling them.
