The Inherent Risks of the Roblox Game and Its Impact on Students
By Aspire Security Operations Center (SOC) Team
Roblox is a free-to-play online game for Windows, Mac, iOS, Android, and Xbox. It is also a game creation platform that allows users to create their own games and play games created by other users.
Roblox has a massive global player base. In 2021 alone, the game’s authors counted 45.5 million users. Estimates that two out of three US children are playing online.
Roblox is one of the new massively large online spaces otherwise known as “metaverse.” It has virtual spaces created by users, forums where users can interact, and even its own currency. Like other online spaces before it (Second Life, Warcraft), players can purchase items for their characters to use in the game. There is always a way to buy online currency using a credit or debit card.
Like the real world, there are criminals online looking to swindle players out of their accounts or money. These criminal actors in Roblox, called “Beamers,” often use unofficial channels like email, instant messenger apps, and other online forums like Discord to perpetrate their schemes.[1]
The Roblox program itself is not considered malicious or a virus, but there can be a reason for concern. Users can be compromised while playing, including:
- Downloading a pirated version of Roblox with bundled malware
- Following a link from another Roblox player that hacks your device or steals your identity
- Downloading a Roblox cheating program that contains a trojan or similar virus
The Roblox virus is trojan-type malware that claims to be a cheating application (or “hack”) for Roblox. Players believe this app will significantly ease gameplay (allowing them to generate in-game currency free of charge. In reality, it’s a malicious app that infects their computers.
The Roblox virus executable “Robux Generator v2.0 Updated 2018” markets as a hack – or in-game currency (“Robux”) generator. This application gives no real value to (dishonest) players looking to cheat. It infects the system and proliferates another trojan called Win32/OnLineGames.
Furthermore, there are several different actions that this malware might perform, including recording data (keystrokes, saved logins/passwords, browsing history, etc.), providing developers with remote access, and downloading/installing other malware.
Therefore, Win32/OnLineGames poses a significant threat to your privacy and computer safety as we know cybercriminals can cause serious privacy issues and monetary loss. The trojan will infect the system and is almost always used for malicious purposes.
Malicious actors have yet again published two more typo squatted libraries to the official NPM repository. They mimic a legitimate package from Roblox with the goal of stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware.
The bogus packages — named “noblox.js-proxy” and “noblox.js-proxies” — were found to impersonate a library called “noblox.js,” a Roblox game API wrapper available on NPM that boasts of 20,000 weekly downloads.
According to Sonatype researcher Juan Aguirre, who discovered the malicious NPM packages, the author of noblox.js-proxy first published a benign version that was later tampered with by adding obfuscated text (in reality, a Batch (.bat) script) in the post-installation JavaScript file.
This Batch script, in turn, downloads malicious executables from Discord’s Content Delivery Network (CDN) that are responsible for disabling anti-malware engines, achieving persistence on the host, siphoning browser credentials, and even deploying binaries with ransomware capabilities.
Another significant risk in the Roblox metaverse is sexual content and child predators. The BBC recently published an article investigating sexual content on the platform. Adult users create spaces called “condos,” where sexual content, like adult chatrooms, occurs. [2]
Although Roblox developers have taken measures to take down these spaces, the potential for adults to engage in explicit activity with children runs high within the game’s chat function.
These risks expand beyond the liability expected by a standard user agreement. School administrators and IT staff alike must keep this in the forefront of thought when developing policies about the use of Roblox on their devices and network. While some may view online gaming as a creative outlet for students’ imagination and growth, cybercriminals see it as another avenue for their malicious activities.
The Aspire SOC advises the following actions to protect students and school administrators:
- Keep devices up to date: When security flaws (or vulnerabilities) are found in software, drivers, or programs, developers issue security patches to fix them. Keeping devices up to date helps protect you from exploits cybercriminals can use to gain a backdoor into your system. Vulnerabilities can exist everywhere on your computer, from your operating system down to individual apps.
- Don’t Download Suspicious Files: Train users not to download files they don’t recognize or click on attachments in emails if they don’t know the sender. In the case of Roblox, always avoid downloading cheat tools or anything that claims it gives their account an advantage.
- Run a full System Scan with a Next-Generation Antivirus or EDR solution: A full system scan will check every file, folder, and application on your system (including those in hard-to-reach places). The antivirus will alert you when it detects malware and give you the option to remove any infections, including trojans, adware, and spyware. Also, using an EDR solution will also prevent the installation of malicious binaries.
- Consider blocking Roblox sites and other related gaming forums: IT administrators can avoid the installation of Roblox and beamer platforms like Discord by adding Roblox and Discord-related domains to the Web Filter or Blocklist.
Aspire Technology Partners is a Cisco Gold Certified Partner engrained in solution pillars that set us apart as a true Cisco solutions provider. We are committed to the continuous improvement of expertise and skillsets around Cisco initiatives that enable us to help and guide customers in the adoption and management of technology architectures designed to transform their organization. We hold Cisco Master Specializations in Collaboration, Security, Cloud & Managed Services and is one of only 25 partners in the US to receive the Cisco Advanced Customer Experience Specialization.
[1] https://www.pcgamer.com/a-new-report-on-roblox-reveals-how-hackers-and-scammers-are-continuing-to-rip-off-kids/
