Nasty Roblox bug could wreck kids' PCs and send their data to hackers — how it works


Roblox, a popular, kid-friendly online platform that lets users create immersive worlds and games for others to enjoy, may not be as innocuous as you think. Cybersecurity firm Avanan, a subsidiary of Check Point, published a report about a nasty bug inside the game that could wreak havoc on kids' PCs.

In March 2022, Avanan investigators uncovered a Trojan file hidden inside a legitimate engine used for cheat codes in Roblox. Malicious actors can exploit this tool's vulnerabilities to unleash malware that can break applications, send victims' info to hackers, and corrupt (or remove) data.

Nasty Roblox bug targets kids' PCs

Avanan cybersecurity researchers discovered that hackers are installing a "self-executing program" in Windows via Synapse X, a Roblox scripting engine. The Avanan report highlighted that Synapse X serves a legitimate purpose and contains safe files, but hackers are exploiting it to inject malware into users' systems.

The self-executing program is a backdoor Trojan that installs library files in victims' Windows system folder. "The malicious code can be perpetually referenced by Windows and remains running," the report states. As mentioned, this malware can render apps inoperable, corrupt user data, and send information to threat actors.

"What's particularly concerning about this attack is the fact that Roblox is primarily played by kids," the Avanan report said. "That means it can easily be installed on a personal computer, which might have little or no antivirus protection."

The report doesn't divulge whether Roblox is addressing the vulnerability, but the researchers offered suggestions on how to guard a PC against this attack: don't download files from untrusted sites, regularly scan OneDrive and Google Drive for suspicious files (the Roblox backdoor Trojan was originally found in OneDrive), and ensure all your devices are protected with antivirus software.

Kimberly Gedeon
