Known Malicious Plugins for HISR detection Megathread



This is a megathread for posting any malicious plugins you find (ones that inject malicious code or infections into the user’s games) which I will regularly check, verify the plugin is malicious, and add to the HISR plugin’s known malicious plugin list. This will allow any user who uses HISR V2.1+ with the setting enabled to scan for know malicious plugins to be notified that they own a malicious plugin as well as list the original plugin if known so that they may remove/replace the (copied) malicious plugin.

This is the active list of known malicious plugins that the HISR plugin uses for detection:
If the plugin ID that you found as being malicious isn’t there then please make a post in the following template so that I may review and add it to the list for the HISR plugin.

Template for listing malicious plugins:

Malicious plugin: 2631801555
Original plugin: 338813970

P.S. As always it’s a good idea to “Report Abuse” on copied and/or malicious plugins so that ROBLOX may CD them. This is just to notify users about the malicious plugin in the mean time.

V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)
V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

Hope this contribution helps!

Camera Light

Malicious: 2715008764
Original: 163874890

Brick Draw

Malicious: 2661950443
Original: 802969927

Model Mirror

Malicious: 2644964458
Original: 1162948697


Malicious: 2644964457
Original: 852963967

Tree Generator

Malicious: 2644964454
Original: 1256428022

Class Converter

Malicious: 2644964449
Original: 833851216

Landscape Plugin

Malicious: 2672245855
Original: 242938331

Global Replace Utility

Malicious: 2672245883
Original: 1053075232

Player / Group Tags

Malicious: 2672245890

Block To Room

Malicious: 2661950467
Original: 875926724

Catalog Import Tool

Malicious: 2661950445
Original: 965352286

Minimap Generation Plugin

Malicious: 2661950461
Original: 1873722908

Quick Paint Tool (For Single/Multi Bricks)

Malicious: 2623611354
Original: 160236414

Catalog Loader

Malicious: 2623611352
Original: 997404854

3D Text

Malicious: 2623611348
Original: 2273628561


The fact that the malicious version of my plugin has 11k installs just baffles me.


They bot the sales a lot so people see them.


Gapfill (The malicious one was made January 3rd of 2019, soo…

Malicious: 2613864560

I also dragged the model from the installed plugins folder on my computer into the game, and they made a server script in there.


All reported plugins so far have been reviewed and added. Thank you @duke_tylerjone and @MrLonely1221!


Couldn’t Roblox implement algorithms to detect plugins or models that had rapid and unexpected plugin growth? Because all of these are seen due to bots boosting the sales. Additionally, put a 2 or so month long minimium on uploading public plugins. That can atleast rat out the bots that make accounts and immediatly upload stuff. Maybe even flag plugins with the same thumbnail and name or things like that?


Ultimate Model Stretch / Extend (1 dimensional)

Malicious: 2634252959
Original: 1032987767


This is marking my custom made scripts viruses. I used the “Store” feature and I deleted the “Infections” folder not knowing what I was doing. Is there a way to reverse this?


This should be on the topic for the plugin but you can either try undo (ctrl+z) or go to your place page on the roblox website, click the … at the top right, then configure place, then locate the versions and click the link to the version before the top-most one. This will revert your game to right before the last publish. (Assuming that you published the changes already by accident. Otherwise just close studio without saving or publishing and reopen it.) After that just click “Whitelist” if you want to select some scripts to not be marked as viruses. (Also if you want to use the script whitelist then make sure to turn it on in the settings.)


Even though Roblox probably should implement some detection system, it must be also considered the higher end and more noticed developers who release a new plugin will also get a massive amount of sales. For example, if a YouTuber with 1 million subs releases a completely safe plugin and their community is absolutely hyped for its release, you can probably expect a solid 10k-50k (random guesstimates) sales just on the first day of its release.

p.s. this is probably more off topic than should be :sweat_smile:


Block Terrain Plugin

Malicious: 2760053105
Original: 250511443