Known Malicious Plugins for HISR detection Megathread


Original: 1882232354
Malicious: 2435556035

Just an FYI for everybody concerned about malicious plugins. I’ve seen a massive uptake in spam user accounts purposefully impersonating well known developers. For example:

  • Real: OkevinO Spam: 0kevin0
  • Real: CodeSponge Spam: SpongeCoder

I think a lot of these accounts got banned, but I just wanted to make people aware because one of my friends fell for this and got into trouble with the moderators because of a server side backdoor being used to put items in his game.

Please double check the names of who developed the plugin you’re installing and check if it’s a deliberate copy or not.


It’s happening again.

Part to Terrain (my own plugin.)
Original: 261634767
Malicious: 3328292627

Building Tools by F3X
Original: 144950355
Malicious: 3320045603

GapFill & Extrude
Original: 165687726
Malicious: 3320031385

Load Character
Original: 752585459
Malicious: 3323713717

Waterfall Generator
Original: 1191990117
Malicious: 3328279741

1 Like

Tree Generator
Original: 1256428022
Malicious: 3390238326

Pretty half-baked attempt if I’m honest, the injected code broke my server core script which in turn breaks everything else. Good way to draw the ire of a coffee-deprived developer. 0/10.