How backdoors work

LolloGamer_5123 YT
4 min read · Apr 10, 2021

Backdooring on Roblox is quite common. It's done to abuse the game, get Robux, or generally annoy the creator or the users.

Simple backdoors range from model viruses to CoreGui modification.


Model Viruses

Model viruses are usually hidden scripts in free models uploaded for malicious purposes. The most common viruses:

Fire Spread
Lag
Jumpscares
Code-breakers
Destruction
Replication
PurchasePrompts

Fire Spread Viruses

These viruses use FindFirstChild() or GetChildren() to find suitable instances to insert a fire effect into. The effect can vary in size, transparency, and heat.
When the script uses FindFirstChild(), it usually runs from a .Touched event handler.

Lag

These scripts may crash or lag players. Crashing is usually done by running

while true do end

locally on a specific or random player.
Lag is usually achieved by cloning objects in Workspace many times.

Jumpscares

Jumpscare viruses usually use a pre-built GUI or build one on the fly to reduce detection. The script creates an ImageLabel that uses bypassed decals, plays an audio, and attaches the GUI to PlayerGui.

Code-breakers

Code-breakers are rare, but they usually rename Workspace, Lighting, ServerScriptService, or other accessible services, breaking scripts that reference them as a child of game. This can be avoided by using

game:GetService("Players")
instead of
game.Players

Destruction

Destruction scripts, you guessed it, destroy random parts. They find victim instances the same way Fire Spread scripts do, and either delete them using Destroy() or cause lag by destroying them with explosions. Changing Transparency and CanCollide could also count as destruction.

Replication

Replication is an essential part of complex viruses. It duplicates the virus script and spreads it to random parts or to a randomly chosen service, using an array with the services inside and math.random().

PurchasePrompts

Yes, remember that Samsung oven you just put in your game? That's the cause of that odd-looking shirt they want you to purchase! These scripts are usually hidden in re-uploaded free models or in free models made intentionally for this. They use MarketplaceService to show a purchase prompt to a random player, then wait an interval and repeat. You won't see these much anymore thanks to the AllowThirdPartyPurchasePrompts setting. To find and delete them, press CTRL + SHIFT + F and search for “marketplaceservice” or “promptpurchase”.

ServerSide Backdoors

Server-side backdoors are commonly hidden in re-uploaded admin models and other free models. They use require() or getfenv() to hide their malicious code and run it efficiently. The code usually loads a few more modules or does everything by itself. The modules usually give a ServerSide GUI to specific players or to members of a group.

[Image: ServerSide GUI found inside an Adonis backdoor]

The darker part is that these backdoor authors include another script snippet that posts to a Discord webhook, telling them how many players are in your game and the link to your game.

This is usually included in a “Loading…” backdoor. They can also hide the Discord webhook poster by sending the data to another game using TeleportData. To find and delete these, press CTRL + SHIFT + F and search for “require” or “getfenv”.
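As an added example (not code from the original article), the searches described above and in the PurchasePrompts section can be run in one pass from the Studio command bar. The script scans every script's source for the article's four search terms; as an assumption beyond the article, it marks require() calls with a numeric asset ID and any use of getfenv for first review. The names INDICATORS, isPriority and scanSource are illustrative.

```lua
-- Added example, not from the article. Paste into the Studio command bar.
-- Search terms are the ones the article names; matching is case-insensitive.
local INDICATORS = { "require", "getfenv", "marketplaceservice", "promptpurchase" }

-- Assumption (not in the article): a require() whose argument is a bare number
-- loads a module by asset ID, and getfenv is rare in ordinary game code, so
-- both are marked for review before the other hits.
local function isPriority(lowered)
	return lowered:find("require%s*%(%s*%d+") ~= nil
		or lowered:find("getfenv", 1, true) ~= nil
end

-- Scan one script's source; returns a list of { line, indicator, priority, text }.
local function scanSource(source)
	local hits, lineNo = {}, 0
	for line in (source .. "\n"):gmatch("(.-)\r?\n") do
		lineNo += 1
		local lowered = line:lower()
		for _, indicator in ipairs(INDICATORS) do
			if lowered:find(indicator, 1, true) then
				table.insert(hits, {
					line = lineNo,
					indicator = indicator,
					priority = isPriority(lowered),
					text = line,
				})
			end
		end
	end
	return hits
end

local total = 0
for _, inst in ipairs(game:GetDescendants()) do
	-- Locked instances can throw on access, so guard each one with pcall.
	local ok, source = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source or nil
	end)
	if ok and type(source) == "string" then
		for _, hit in ipairs(scanSource(source)) do
			total += 1
			local tag = hit.priority and "REVIEW FIRST" or "check"
			warn(("[%s] %s:%d (%s) %s"):format(tag, inst:GetFullName(), hit.line, hit.indicator, hit.text))
		end
	end
end
print(("Scan finished: %d matching line(s)"):format(total))
```

Legitimate scripts call require() too, so the output is a review list, not a verdict. The scan only sees source stored in the place file; a module loaded by asset ID at runtime has to be inspected separately.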

Dangerous Viruses and Scams

Aw man, we're in the danger zone. Remember that most viruses are simple and copied from other ones, and most of them are old and broken. Unfortunately, some people just want to watch the world burn. They continue to have alts and support. These experienced scammers create some of the most complex Roblox viruses. They can mess with CoreGui or display a jumpscare when the player tries to leave the game. They can make a player instantly buy products, unfriend or block someone, and invite everyone in the game.

Because popular members in the communities noticed these, there might be a patch in the upcoming days.

Plugin Viruses

Plugin viruses have the ability to modify scripts, insert backdoors, and even cause destruction. Always check each plugin carefully and only use plugins from trusted sources.
