The idea that scam plugins have tags like [NEW] and [UPDATED] is pretty far fetched most scam plugins steal a big plugins code and then re upload it, it tricks people into thinking it’s the same plugin. Yeah a few scam plugins have tags like that but you don’t see many with that anymore.
True. Sorry. Although, there’s still a plenty of plugins with mentioned tags. Most of stolen plugins are on the bestselling page of library. Make sure to always look for scams. Those are usually uploaded mutliple times by fake devs, so if you see same plugin multiple times - that’s most likely a scam. Another trait of scam plugins is that they are uploaded by people/groups with similar names all the time; some examples would be: “Plugin Developers”, “Plugin Makers”, “TrustedPlugins”, “[DeveloperX]”, “FrontPlugins”, “Creator Studio”, etc.
So, I think it’s really easy to find a scam plugin. I never really had issues with downloading such. I have no idea why people keep getting “catfished”. Why do they??
I heard of rosync before I want to look up for the company that provides backdoors to be honest
Here are the GitHubs that are the source of the malicous code
Also someone told me this was an important part of the script http://45.79.27.137:8080/roblox DO NOT CLICK
Why what if I click it? Is it an ip grabber?
This isn’t malicious code. It’s a Lua bytecode interpreter.
I believe it is a webhook for the malicous Discord sever but I am not really sure. I would not click just to be safe
Nevermind it redirects this info to the webhook
Yeah, there behind a lot of these exploits on Roblox there pretty big.
Yeah I think it was just a coincidence
Recently I just got these inside of my game.
Nice job! I joined and posted a warning on the group wall. I also reported the group and all there plugins
Do you know the webhook address? One could hack it and bring it down, just saying
Not asking for it, just asking if you know it
Heads up: maybe DONT click that link, could be something malicious, you never know.
I clicked it without reading lol, nothing malicious it seems
RoSync is a backdoor that appears from malicious and usually fake plugins. RoSync can also be found in free models.
The backdoor seems to load a serverside mainmodule. However I personally do not think RoSync is a threat anymore since there is no proof that it is alive anymore. But because we can not be sure of this, it is recommended to remove the infection and plugin causing it.
RoSync can be removed with GameGuard Antivirus made by @deluc_t. (GameGuard Antivirus)