Malicious code is able to show UI over the purchase prompt, and trick users into purchasing items

I am researching this experimentally. I’m not sure how they did it, if they changed the prompt transparency, but I managed to replicate an effect in Roblox Studio without inducing the user to click. I’m guessing I can’t say it here, and if you want to know how I did it, I’m very happy to get this patched.

Unfortunately, this scam is built on scam games made by scammers. I’ve never seen cases of this happening on pre-existing games, as it would need modification of CoreGui scripts, which can’t be done by scripts. However, disabling Allow Third Party Sales and Allow Third Party Teleports is useful advice, as there are still “Loading…” scripts which can attack games, mostly in hijacked admin scripts, and insert backdoors and track the game with the backdoors using Discord webhooks. I covered how they worked in my blog called RBXDevnotofficial. Link to article

This code disables backpack and emotes, something which is useful for developers. Disabling a user’s chat might be useful for moderation in-game too. From what I understand, purchase prompts do not get disabled when SetCoreGuiEnabled is run on (Enum.CoreGuiType.All, false).

2 Likes

I really doubt you got a PromptPurchase dialog, visible or not, to confirm with zero mouse input from the user. Could you elaborate on what “without inducing the user to click” means?

I doubt that since it’s just clicking the buy button

Well, not really. Most of these work because there is a malicious script in a legit game which teleports to a fake game, and once you purchase it, it teleports you back to the original game. See Scam Exploit ! (help on how to resolve?) as an example.

1 Like

I was able to get my Robux back that I lost from this, but Roblox Support took away my one-time courtesy option as if my account was hacked or compromised – it was neither of the two, as you know.

Any options to get around this? I’m trying my best to work with the support agent but I can only do so much.

1 Like

No. There’s no way for the Roblox employee to distinguish between you being legitimately scammed and you prompting yourself with any gamepass and playing it off as if your purchase was hijacked.

I didn’t click on a purchase prompt, I never did. The whole Bug Report is about malicious code being able to show over a UI purchase prompt. I had no clue that there was a purchase prompt under, and this shouldn’t be my responsibility at all.

I really hope for more clarification or instructions on what to do about this. Not just for me, but for the many other users that have also been impacted by this as well.

EDIT: I’d also like to point out that this can happen to literally anyone. This shouldn’t even be considered something along the lines of “you fell for it” or “you accidentally bought it,” as no visible purchase popup was shown anywhere on the screen.

5 Likes

KonekoKitten just made a video on this, so a lot of the Roblox community is aware of this now, probably should be better in the coming days.

1 Like

Roblox needs to patch this ASAP!

More and more people are being scammed by this

4 Likes

Most backdoors hide the PurchasePrompt and align the “continue” button right on the position of the Confirm purchase button. I messed randomly with the PurchasePrompt CoreGUI and managed to get it to purchase instantly without confirmation with it being invisible. Sure works better than their scams, but I want to get this patched. Unfortunately I lost the code, but Roblox was very vulnerable to these things from the beginning. I hope they fix this before this could lead to more important problems.

1 Like

The coregui didn’t really “crash,” more like the renderer doing its job… too well.
When there are too many UIs, it starts to hide some. This even happens with too many UIs in the workspace, hiding other player UIs (which includes coregui) with it.

1 Like

I’m actually curious about how someone found out how to do this.

Never have I seen something like this. This is a serious issue, and I’m glad it’s getting fixed.

1 Like

I’m honestly just curious about how Roblox will handle this issue. Hopefully they can find a solution in this disaster.

2 Likes

Still, I intentionally added “visible or not” because I’m really skeptical that he managed to make it activate with no further interaction from the player (such as moving over the button, clicking on it, etc). And again, you just believe you didn’t click on a purchase prompt because you didn’t see it.

Are you sure you didn’t modify anything/mess with mouse behavior?

If the purchase prompt wasn’t visible on my screen (which it wasn’t), not my problem. There is no way to somehow justify this any further.

Roblox should do a rollback after that because tons of people got scammed.

3 Likes

Not gonna tell how I did it, but it was extremely easy to replicate without any help and it needs to be patched ASAP.

As you can see by the mouse darkening, the purchase screen remains functional yet invisible.

6 Likes