Why do I get asked for script injection in a "Safe" plugin?

  1. What do you want to achieve? Keep it simple and clear!
    I want to know why a plugin which was considered safe is trying to inject scripts

  2. What is the issue? Include screenshots / videos if possible!
    Whenever I try to use Brushtool it seems fine. It is made by the real @XAXA and I checked but recently I’ve seen that it tries to inject scripts. I allowed it and got a “WELD” named script. I’m 100% sure it was because of the script, as I didn’t have much parts
    Why tho? The plugin was fine until recently. I checked to make sure it was the real person and not a group. When I clicked on “Allow Script Injection” it just put the WELD (something like a getfenv script) script. I was wondering if anybody else got this?

  3. What solutions have you tried so far? Did you look for solutions on the Developer Hub?
    Removing Script injection permission.


    (It is @XAXA.)

Could you send the injected script’s content?

I have the same issue with a plugin of mine, it never never creates, moves, or loads a script. It would be helpful if it told us where the issue was.

It’s sort of an obfuscated script named “WELD.” It had something to do with fenv or something and had some credits “-- WELD script made by attrition.”
I removed the script from every game that I edited recently with that script.
After some research I found this reddit article. Guess Attrition is popular among “hackers” https://www.reddit.com/r/robloxhackers/comments/9dym7l/request_new_attrition_scripts/

XAXA is a trusted plugin creator and you can freely take a look at the plugin’s source. Do you have TeamCreate enabled or any other plugins?

TeamCreate is not enabled and any other plugins have either denied permission for injecting scripts or don’t request any permissions at all. I sometimes get a popup of Brushtool 2.1 requesting permission to inject scripts.

This is odd. Mind if I see all of your plugins? Anyways, deny all script injections if the plugin does not require them.

Okay. You have a fake plugin. I have found it out.

Remove this, it is a copy of AlreadyPro’s plugin. It is a group with a similar name. You also have more this kind of plugins on your inventory.

source

2 Likes

This has happened very recently, i would watch out for things like this. Check the creators of all plugins you install!

1 Like

This is now very common and I can see that from the plugins that I have analyzed in the past weeks.

2 Likes

I’ve already tried reporting this to ROBLOX, after a few days, the addons and groups are still up, I contacted support after I saw nothing was done and they instantly slapped me with the “We cannot do followups”

Profile still up as of today:

Personally I think the HISR megathread is the best way to report as Developer Relations actually reads the topic.

WARNING it might be a group named: @XAXA. Please remove the plugin at once!!!

@Xenoqe is most likely the man behind this.

Yeah I have started two different cases with customer support as this is a user safety concern. Both times I was slapped with a “Go report them and the moderation team will take care of it buddy”. Reported on five alt accounts and still no moderation action for them.

I don’t understand, I checked the dude’s profile and he seems legit years ago. Maybe they gotten hijacked and their account stolen. I don’t know, they’re Developer Forum account has high badges, would be weird for someone like that to have those badges…

No, they are not even a member:


1 Like

I was talking about XAXA. Is he the one?

No @xaxa is fine, @Xenoqe is making groups that have the same names as popular devs
image

1 Like

Oh, has anyone reported his account? This is seriously dangerous, I might have fell for it lemme check my plugins! :shock:

You can always look in the source code by going into roblox studio files (on your pc), finding the plugin id and finding the code. :grin: