I agree with what you are saying. One thing that people sometimes do is give all permissions to one rank under Owner and put no owner or a bot owner, so that they can still manage the funds and do all that but no other harm can come from it.
Regarding this, what you should do is get an anti-virus plugin that will track and alert you to all possible threats, as it will help you track down what is where, since one of our devs had a plugin that was compromised and kept putting these scripts in as many hidden places as possible. But I believe that it is an asset that has been compromised and the require(1234) has been changed to their new malicious one. So it will be a little harder to find. (This is just a theory.)
Prompt purchase GUIs are always on top due to the fact that they are in the CoreGui service, and regular scripts can’t even look at it, but it seems like plugins can look at and modify it.
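Added example, not part of any post in this thread: one way to audit a place for the `require(<asset id>)` calls discussed above is to save it in the XML format (.rbxlx) and list every script that loads a module by numeric id. The function name, the allowlist parameter, the sample file and its ids are constructed for illustration, and the `Item`/`Properties`/`ProtectedString` layout is assumed to match the saved file.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a place saved as XML (.rbxlx); names and asset ids are made up.
SAMPLE_RBXLX = """<roblox version="4">
  <Item class="Workspace">
    <Properties><string name="Name">Workspace</string></Properties>
    <Item class="Script"><Properties>
      <string name="Name">Weld</string>
      <ProtectedString name="Source"><![CDATA[-- weld helper
local m = require(1234)
m.run()]]></ProtectedString>
    </Properties></Item>
    <Item class="ModuleScript"><Properties>
      <string name="Name">Util</string>
      <ProtectedString name="Source"><![CDATA[local id = 5678
return require(script.Parent.Config), require( 0x162E )]]></ProtectedString>
    </Properties></Item>
  </Item>
</roblox>"""

# require() with a numeric literal loads a module by asset id instead of from the place itself.
REQUIRE_BY_ID = re.compile(r"\brequire\s*\(\s*(0[xX][0-9a-fA-F]+|\d+)\s*\)")

def find_requires_by_id(rbxlx_text, allowlist=frozenset()):
    """Return (instance path, line number, asset id) for each require(<number>) not allowlisted."""
    findings = []

    def walk(item, prefix):
        props = item.find("Properties")
        if props is None:
            props = ET.Element("Properties")
        name = props.findtext("string[@name='Name']", default=item.get("class", "?"))
        path = f"{prefix}.{name}" if prefix else name
        source = props.findtext("ProtectedString[@name='Source']", default="")
        for lineno, line in enumerate(source.splitlines(), start=1):
            for match in REQUIRE_BY_ID.finditer(line):
                tok = match.group(1)
                asset_id = int(tok, 16 if tok.lower().startswith("0x") else 10)
                if asset_id not in allowlist:
                    findings.append((path, lineno, asset_id))
        for child in item.findall("Item"):
            walk(child, path)

    for top in ET.fromstring(rbxlx_text).findall("Item"):
        walk(top, "")
    return findings
```

A literal-only match like this misses ids that are computed or hidden behind string building, so an empty result does not prove the place is clean.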
Does anyone who has seen this in their game mind telling me the list of plugins and models they used? I’m trying to find the asset the user is using to inject code into the games.
IMO this justifies a R0BL0XCRITICAL post for immediate attention and rectification from whoever’s responsible.
People manipulate the young Roblox audience into believing this is a legitimate Roblox captcha, which is recognisably similar and commonly seen throughout the Roblox website, to capitalise on a Roblox vulnerability that allows UI to overlap CoreGUI elements like a prompt.
This threat needs to be secured ASAP before it becomes a commonplace technique to extort Robux from users.
This is a problem. One of my friends on Discord claimed that this could grab your ROBLOX account password and IP. Is this true or not? Guessing it can’t do either.
Just so it’s public knowledge, roblox-critical does not do anything anymore. Please do not suggest its use because it is just noise, it’s just a token gesture to make people feel better. Roblox knows already, so this is not useful.
I doubt this is true; passwords are usually hashed when kept in databases, so whoever is behind it would have a hard time deciphering them and logging into your account. Anyways, it’s most likely false that they can get your account credentials and IP from you clicking that GUI. It might give them your client’s IP, but that’s nothing to worry about.
A user that appears to be behind this scam (they have the group that is selling a shirt that scammed users) has items that cost Robux on their account, leading me to believe that the people who orchestrated this compromised that user and probably others too.
A very similar problem has existed for a long time, where you can trick someone into clicking a GUI repeatedly, then in the same space a purchase prompt appears when they aren’t expecting it, causing them to accidentally make a purchase. I don’t think that issue is fixed either.