Malicious NPM package disguises itself to steal Roblox data


A new threat targeting Roblox players has emerged in the form of a malicious package posing as the legitimate, open-source Noblox.js.

Noblox.js is a JavaScript-based open-source Roblox API wrapper that interacts with the game’s website.

With 1,642 weekly downloads, it is among the most popular third-party Node Package Manager (NPM) packages for Roblox.

How has this dangerous NPM package deceived Roblox users?

NPM is the largest software registry globally and the common platform through which developers share and install JavaScript software packages.

As highlighted by Socket, the harmful NPM package is called noblox.js-proxy-server, a name deliberately chosen to resemble the legitimate Noblox.js.

According to the Socket Research Team, three tactics were used to make the malware appear authentic: brandjacking, typosquatting, and starjacking.

While these terms might sound complex, they simply describe the ways a malicious actor can pass itself off as legitimate.

Brandjacking — An approach that mimics a brand to seem legitimate, hoping to deceive less attentive users.

Typosquatting — Exploiting search mistakes or typos to lead users to a seemingly legitimate but harmful trap.

Starjacking — Utilizing positive brand reviews and star ratings unrelated to the product to deceive users, similar to cloning a well-rated Instagram account.

The Socket Team discovered that the malicious NPM package is designed to extract data, such as Roblox usernames, by scanning for specific file extensions and adding the matching files to a zip archive.

This zip file is then uploaded to a specified server URL, which triggers a webhook to a Discord server carrying details about the uploaded file; the process repeats every 4,000 milliseconds.
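A defender-side check for the two naming tricks described above, brandjacking and typosquatting, written here as an added example that is not code from the article or from Socket: it audits a parsed package.json for dependency names that resemble a trusted package without being it. The allowlist, the constructed sample manifest and the two-edit threshold are assumptions.

```javascript
// Hypothetical allowlist of packages the project intends to depend on (assumption).
const TRUSTED = ["noblox.js"];

// Levenshtein edit distance: how many single-character edits turn a into b.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Classify one dependency name: "trusted" (exact), "brandjacking" (trusted name embedded in
// a longer one, e.g. noblox.js-proxy-server), "typosquat" (within two edits, e.g. nobloxjs),
// or "unknown" (nothing resembling a trusted name).
function classify(name, trusted = TRUSTED) {
  const lower = name.toLowerCase();
  for (const t of trusted) {
    if (lower === t) return { name, verdict: "trusted", match: t };
    if (lower.includes(t)) return { name, verdict: "brandjacking", match: t };
    if (editDistance(lower, t) <= 2) return { name, verdict: "typosquat", match: t };
  }
  return { name, verdict: "unknown", match: null };
}

// Walk a parsed package.json and return every dependency that resembles a trusted name
// without being it; those deserve a human look before `npm install` runs their scripts.
function auditDependencies(pkg, trusted = TRUSTED) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const name of Object.keys(pkg[section] || {})) {
      const result = classify(name, trusted);
      if (result.verdict === "brandjacking" || result.verdict === "typosquat") {
        findings.push({ section, ...result });
      }
    }
  }
  return findings;
}

// Constructed sample manifest: one legitimate dependency, one look-alike, one typo.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { "noblox.js": "^4.0.0", "noblox.js-proxy-server": "^1.0.0", express: "^4.18.0" },
  devDependencies: { nobloxjs: "^1.0.0" },
};
console.log(auditDependencies(SAMPLE_PACKAGE_JSON));
```

A substring or edit-distance match is a prompt for review, not proof of malice; a legitimate plugin may also carry the upstream name.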

Thanks to the Socket Team's work, this threat to Roblox's 70.2 million daily users and 216 million monthly active players has been brought to light.

In other Roblox news, the game revealed progress in artificial intelligence (AI) with a real-time text translation feature for users.

