This repository was archived by the owner on Aug 11, 2024. It is now read-only.

Important

The code in this repository is malicious and should not be used under any circumstances. This analysis is provided solely for educational purposes.

RoLinked/Vlk Games/Vik Games – Roblox Credential-Stealing Malware

Overview

A sophisticated piece of malware has been identified, targeting Roblox users and compromising their accounts through deceptive methods. This malware is delivered via a bookmarklet on the attacker's websites (rolinked[.]com, rolinked[.]co) and is specifically designed to steal users' credentials, including their two-factor authentication (2FA) codes. The code is highly obfuscated, making it difficult to detect or reverse-engineer, which allows it to operate stealthily.

How It Works

  • Initial Contact: The attack begins when users are tricked into visiting the attacker's website, where they are instructed to drag a bookmarklet to their bookmarks bar. When executed on the Roblox website, this bookmarklet injects the malicious code.

  • Malicious Injection: Once injected, the malware manipulates the Roblox interface, displaying fake prompts that convince users to provide sensitive information, including their 2FA codes.

  • Security Bypass and Account Takeover: The malware collects the 2FA code and other security details, such as parental control PINs. It then takes control of the user's account by:

    • Changing the date of birth to 2/2/2022, exploiting COPPA regulations to hinder account recovery.
    • Altering the registered email to the attacker’s email, thereby disabling password recovery options.
    • Previously, the malware also checked for Robux and purchased scam products, though this feature is currently inactive.

Attacker Information

Associated Emails:

Roblox Alt Account:

  • Username: @slimeBallBack7
  • ID: 6045232974
  • Creation Date: 5/19/2024

Discord Account:

  • Username: infiniteblox
  • ID: 934401513734950912

Protection Measures

To safeguard against this malware and similar threats:

  • Stay Vigilant: Be cautious when interacting with off-platform websites, especially those that ask you to execute code.
  • Avoid Suspicious Links: Do not click on links from untrusted or unknown sources.
  • Do Not Execute Unverified Code: Never run code from untrusted sources, whether it’s a bookmarklet or a script in the developer console.
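
One way to act on the last point is to read a bookmarklet before adding it to the bookmarks bar. The sketch below is an added example, not code from this repository or from the malware: it decodes a `javascript:` link and flags generic traits such as remote script loading, dynamic evaluation and encoded payloads. The check names, regular expressions and sample links are assumptions constructed for illustration, not signatures of this sample.

```javascript
// Static triage of a bookmarklet link, without executing it.
// Heuristics are generic assumptions, not derived from the malware on this page.
const CHECKS = [
  ["remote-script", /createElement\s*\(\s*['"`]script['"`]\s*\)|\bimport\s*\(|importScripts/i],
  ["network-call", /\bfetch\s*\(|XMLHttpRequest|sendBeacon|new\s+WebSocket/i],
  ["dynamic-eval", /\beval\s*\(|\bnew\s+Function\b|set(?:Timeout|Interval)\s*\(\s*['"`]/],
  ["encoded-payload", /\batob\s*\(|fromCharCode|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/i],
  ["session-access", /document\.cookie|localStorage|sessionStorage/i],
];

// Return the script body of a javascript: URL, or null if it is an ordinary link.
function decodeBookmarklet(href) {
  const m = /^\s*javascript:/i.exec(href);
  if (!m) return null;
  let body = href.slice(m[0].length);
  // Bookmarklets may be percent-encoded more than once; decode to a fixed point.
  for (let i = 0; i < 5; i++) {
    let next;
    try { next = decodeURIComponent(body); } catch { break; }
    if (next === body) break;
    body = next;
  }
  return body;
}

// Report which heuristics fire and which hosts the script body references.
function triageBookmarklet(href) {
  const body = decodeBookmarklet(href);
  if (body === null) return { isBookmarklet: false, findings: [], hosts: [] };
  const findings = CHECKS.filter(([, re]) => re.test(body)).map(([name]) => name);
  const hostRe = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  const hosts = [...new Set([...body.matchAll(hostRe)].map((x) => x[1].toLowerCase()))];
  return { isBookmarklet: true, findings, hosts };
}

// Constructed samples (not taken from the malware described on this page).
const SAMPLE_LOADER = "javascript:(function(){var%20s=document.createElement('script');" +
  "s.src='//cdn.example.invalid/l.js';document.body.appendChild(s)})()";
const SAMPLE_BENIGN = "javascript:void(window.scrollTo(0,0))";

console.log(triageBookmarklet(SAMPLE_LOADER));
console.log(triageBookmarklet(SAMPLE_BENIGN));
```

An empty findings list does not clear a bookmarklet: heavily obfuscated code, as described in the overview, can evade string heuristics, so the source of the link still decides whether it is trusted.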

By adhering to these safety practices, you can protect yourself from potential threats targeting your Roblox account and other online platforms.