Woke up to a "Purchase Prompt" bug in my game

I have a game that is usually fine everyday, however, this morning I woke up to messages saying that a purchase prompt was popping up every couple seconds. Issue: https://gyazo.com/676a6e82e65b522e75420cbb57dbb8da

See for yourself if you’d like: closed - Roblox

I’ve already researched this topic today and a common issue is having a malicious plugin. I uninstalled all of my plugins and the problem is still present.

I have also tried doing (Command+Shift+F) to pull up the search bar. I have searched up about 20 different things including “require” and “PromptPurchase”

There are no free scripts in my game, and additional to that, the game was working fine yesterday and it wasn’t updated anytime after that before the problem game.

No one has access to my game, team create is turned off so there’s no way someone could have done anything to the game over night. I’m thinking possible a plugin inserted a script into a model or something. I have a pretty large game but I looked through pretty much all of the scripts and saw nothing.

Additional Info: I do have the assetID to the gamepass that is being prompted, but searching it was no luck.

Help!

I would suggest turning off “Allow Third Party Sales” under security in game settings, this will hopefully fix your issue.

My game is a store so the whole point of it is to have sales, I wouldn’t be able to do that.

It’s infested, it’s something in your game. You added some malicious model/code that prompts this all the time. Find it, and delete it.

My game has been unchanged since the beginning of December. Could It be that I added something months ago and its just now causing an issue?

Yes, this is entirely possible behavior for malicious code within your game.

It’s probably from a private module. Private modules can be updated remotely by the owner. They can also use datastores to activate themselves later. They can also be activated in game.

Press Ctrl + Shift + F and search require and if you don’t find anything getfenv.

The script using the private module can also be created by a plugin. I’d recommend double checking yours to make sure they’re not copies. Plugins can add scripts while you aren’t looking. It’s also entirely possible that the malicious code isn’t inside a private module.

I’ve tried that several times with no luck.

I assume you’re using a free model. Could you send the script? We can probably point out where the purchase is coming from.

You could also use return, most of the time they have obfuscated their scripts. Just saying.

If your store only sells items that is owned by your group then you should turn allow third party sales off otherwise keep it on.

I would also check for any scripts with getfenv in.

I’ve had this issue. These will most likely be backdoors, and you could get those by using free models. I would suggest doing what @PseudoPerson said, use Ctrl+Shift+F to look throughout your game. They can be hidden really well.

Please read before posting. They’ve already done that but they have a Mac so they said Command + Shift + F.

Send what script? The script is what I’m looking for.

Would you mind looking my Discord PM?

This is probably a dumb idea but if it helps, search wait in all your scripts. As it comes up every few seconds then it could be on a loop.

They’ve already done that already.

Turn off third-party-sales. It will deny the sale from being prompted unless you use third-party shirts for you, it won’t work. Go look into your plugins and disable the ones you don’t trust, then look through your scripts and see if you see anything malicious.

This thing is a backdoor and it basically ruins the experience for players, I would suggest using RoDefender for this.

Here are some articles:

Also, if you can’t find it in your scripts, it’s probably a plugin issue. Disable some of your plugins, and if all else fails, disable all your plugins and uninstall the ones you don’t trust. You probably got a botted plugin, check the usernames of the plugin creator for more help.

Again, they have already uninstalled all of their plugins.