-> THIS <- backdoor is INVISIBLE. Here's what WE know...

I’m currently trying to find a Roblox backdoor.

Here's what I know:

  1. Hidden: The backdoor is hidden from normal tabs.
  2. Suspect: I think the backdoor might be being placed in “Debris service.”

Please help!!

My Questions:

  1. What are some areas that the backdoor might be located in that meet the description I gave?
  2. I'm not actually sure if it's in Debris service. Is it really possible it could be there?

What do you think?

What does this backdoor do, and who’s “we” in the title? Give some examples and even a place file if you have issues with it

2 Likes

Yes, as @SomeFedoraGuy stated, we need more context please.

1 Like

I added a toolbox model to my game and the toolbox model had a script inside of it that loaded an exploit.

The exploit was a backdoor which relied on HTTP service. In order to get the developer to enable HTTPS service, the backdoor prompted a very convincing prompt that resembled a real Roblox prompt which told the developer they needed to enable the service in settings for asset loading.

When I saw this, I deleted the backdoor script inside the toolbox model. However, I found that the message was still there. After deleting the script, I noticed the prompt still appeared, so I deleted the entire model. I noticed it was still there so I deleted every model and looked at every script. In order to finally get the message to be gone, I had to use a script in command bar to remove every script in game.

This means that the script was not in a standard area that was visible to me but in a hidden area, only retrieved using game:GetDescendants(). I want to know how the backdoor got there and what kind of threat this poses to other developers.

Well, the backdoor got there by you failing to understand that you shouldn’t be inserting random free models into your game and ignoring the notice that tells you it contains scripts (which would be extremely odd for something like a simple chair).

The threat this poses to other developers mostly depends on their ability to be cautious when importing 3rd party assets into their game.

I didn't ask what I should have done, I asked how they did it.

Can’t you just clone the script?

Are there any hidden services that don't delete objects placed there on Studio reload?

Last time I checked, the services delete objects placed in there when the game is reset. I haven't really tested it much though, so I'm not sure.

I don’t understand why you want to know how, you can’t exactly stop a virus in a free model from spreading once you insert it.
That being said, did you run the game with the virus inserted? Can I have a screenshot of what the prompt looked like? (You mentioned it looked like a real prompt, so just send the one it looked like)

Nvm what I said, I just realized that scripts do not run there.

I already deleted the virus. I can tell it was a fake prompt because it was located in my PlayerGui on runtime.

If you download a copy of the game, is the backdoor still active in the copy? If not, you could override the game with the copy.

I would have to find the asset again in toolbox to get the virus since I deleted it already.

Okay, I found the asset.

This was the asset with the virus.

1 Like

If deleting using GetDescendants worked, you could do it again but before deleting it print the script’s path using GetFullName to see where it is.

1 Like

I imported that module and saw how it works.
It requires a malicious asset called Bl#xFr#itModule.
I did a reply explaining how it works but it got moderated.
I reported the user that made that module.
The # in the asset name is to make this reply not get moderated.

Never import a mesh/build that has a script, it's 100% a backdoor.

It seems that GE_0E might've figured out your issue, but there's also the chance that this backdoor could've been inserted in your game from a plugin you have installed.

Check all of your plugins, and if they don't need script injection, they might be the culprit.

This also includes reuploads of plugins or newly updated/downloaded ones, and pirated ones.

Let us know how it goes and what happens.

How come it was able to operate even though the asset was deleted?

I’m looking at the same model in a baseplate, but it only has one script, “AutoWeld+” using MesID: rbxassetid://13230056261
Reading over the code, the only place a require is used is in the QSignal function. Where are you finding the code that requires the bloxfruitmodule?

I did not find it but I got an output msg if requiring that asset,
and then I searched for that asset id on the marketplace.

Look for ‘require’ in that script. It's quite cleverly done.
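
The two suggestions made in this thread (print each script's path with GetFullName before deleting it, and look for 'require' in the source) can be combined. The following is an added example, not code from any poster here: a Luau snippet for the Studio command bar that lists every script under game with its full path and reports where require appears, without deleting anything. The function name auditScripts and the 80-character snippet width are choices made for this example.

```lua
-- Added example: paste into the Studio command bar. Read-only audit.
-- Lists every script-like instance under `root` with its full path and
-- records each source line that mentions require, with line and column.
local function auditScripts(root)
	local findings = {}
	for _, inst in ipairs(root:GetDescendants()) do
		-- Some engine-owned instances throw on access, so guard each one.
		local ok, isScript = pcall(function()
			return inst:IsA("LuaSourceContainer")
		end)
		if ok and isScript then
			local entry = {
				path = inst:GetFullName(),
				class = inst.ClassName,
				hits = {},
			}
			-- Source is readable from the command bar or a plugin only.
			local gotSource, source = pcall(function()
				return inst.Source
			end)
			if gotSource and type(source) == "string" then
				local lineNo = 0
				for line in (source .. "\n"):gmatch("(.-)\r?\n") do
					lineNo += 1
					local col = line:find("require", 1, true)
					if col then
						-- Keep the column: a call far to the right of the
						-- visible editor area is easy to miss by eye.
						table.insert(entry.hits, string.format(
							"line %d, col %d: %s",
							lineNo, col, line:sub(col, col + 79)))
					end
				end
			end
			table.insert(findings, entry)
		end
	end
	return findings
end

for _, f in ipairs(auditScripts(game)) do
	print(string.format("[%s] %s", f.class, f.path))
	for _, hit in ipairs(f.hits) do
		warn("    require at " .. hit)
	end
end
```

A plain text search only finds require where the word is spelled out in the source, so a script with no hits still needs reading if it sits somewhere unexpected.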