The IT security company Zscaler warns of the Tweaks malware, also known as Tweaker, which the criminals behind it have spread in a campaign targeting “Roblox” users. According to the company's ThreatLabz report, the malicious actors use platforms such as YouTube and Discord to evade detection by web filters.
In a blog post, Zscaler's researchers explain that the malware is delivered as frame rate optimization packages that promise higher frames per second (fps). Anyone who executes such a file infects their system with the malware.
Tweaks: Malware endangers all systems in the household
The malware campaign targets “Roblox” users, almost half of whom – 45 percent – are younger than 13. There is a risk that the malware will spread to other systems in the household, such as the parents' work devices. This puts not only the “Roblox” account data at risk but also other data and the devices themselves, the researchers explain.
According to the company, 71.5 million users play “Roblox” every day. The platform offers various user-generated games and experiences, and a smooth experience with high frame rates matters a great deal to players. This is where the attackers come in, since many hardware optimization tools are offered via YouTube or Discord. In the current campaign, the researchers observed cybercriminals using YouTube tutorials to trick users into disabling their antivirus software, supposedly to improve performance. The video description then contains links to the attackers' Discord groups. Once a user has joined such a group, the perpetrators provide links to the malware disguised as optimization tools or game mods.
The Tweaks malware is a PowerShell-based infostealer. It exfiltrates sensitive information such as user details, location, Wi-Fi profiles and passwords, “Roblox” IDs and in-game currency details. The malware sends this information to attacker-controlled servers via a Discord webhook.
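A defender-side illustration of the exfiltration channel just described, added here and not taken from the Zscaler report: it scans constructed proxy-style telemetry for script hosts posting to Discord webhook URLs. The log format, the process list and all sample values are assumptions for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (not real data): timestamp, user, process, destination URL.
SAMPLE_LOG = """\
2024-03-12T18:02:11Z kid-pc\\alex powershell.exe https://discord.com/api/webhooks/111111/abcDEF
2024-03-12T18:02:13Z kid-pc\\alex RobloxPlayerBeta.exe https://www.roblox.com/
2024-03-12T18:03:40Z kid-pc\\alex Discord.exe https://discord.com/api/v9/gateway
2024-03-12T18:05:02Z kid-pc\\alex pwsh.exe https://discordapp.com/api/webhooks/222222/zzz
2024-03-12T18:06:30Z kid-pc\\alex chrome.exe https://discord.com/api/webhooks/333333/qqq
"""

# Discord webhook endpoints live under /api/webhooks/<id>/<token> on discord.com or discordapp.com.
WEBHOOK_RE = re.compile(r"https?://(?:[\w.-]+\.)?discord(?:app)?\.com/api/webhooks/\d+/", re.I)
# Script hosts that an infostealer of this kind would run under (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# Assumed line layout: four whitespace-separated fields.
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    process: str
    url: str
    severity: str


def classify(line):
    """Return a Finding if the line shows a process posting to a Discord webhook, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, user, proc, url = m.groups()
    if not WEBHOOK_RE.search(url):
        return None
    # The Discord client talks to the gateway/API, not to webhook endpoints, so a
    # script host hitting a webhook is the strongest signal; a browser is weaker.
    severity = "high" if proc.lower() in SCRIPT_HOSTS else "medium"
    return Finding(ts, user, proc, url, severity)


def scan(text):
    """Scan a block of telemetry and return all webhook findings in order."""
    return [f for f in map(classify, text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```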
To minimize the risk, “Roblox” users – and other gamers as well – should only use legitimate applications from reputable and trusted sources; the researchers advise avoiding unknown or unverified sources such as social networks. The blog post lists a few Indicators of Compromise (IOCs, evidence of an infection) that interested readers can check.
At the beginning of February, “Roblox” hit the headlines because the gaming platform introduced real-time translations using an AI model. 16 languages are supported, including German.
(dmk)