The Background of Adonis Code Hijacking

LolloGamer_5123 YT
4 min read · Apr 8, 2021

Adonis, a popular moderation system on Roblox, is commonly copied, with parts of its code changed to suit the malicious intent of a hijacker who plans to use the code to gain Admin or Currency.

There are some commonly recognized types of code modifications:

  1. The Visit or “Loading…” Hijack
  2. Changed Donation Ids
  3. Marketplace Pop-ups and Scams

1. The Visit or “Loading…” Hijack

Visit hijacks are usually short and hidden as “Loading…” or as excuses for background checks by Adonis on a player. They are usually done to get visits and then rename the game, or to get premium payout by lengthening the wait time. “Adonis Premium” uses the “Loading…” hijack to send and receive data with the player teleport regarding the server and if Http is on; this allows the Premium Module, which has the Artemis title in it, to be used instead of the Adonis one and to send a Discord webhook to the hijackers, which lets them see how many players are there and the game link. The Artemis panel also gives the hijackers Admin; its features include FE trolling scripts and panels commonly found in non-working FE local hacks.

Adonis Premium seems to have the commonly recognized “Loading…” hijack, but at the same time it loads an FE semi-hack effects plugin on specific members of a group and notifies a Discord webhook when the game is run in Studio.

Code from the “Loading…” place side has not been found, as thankfully the place and the owner of the model have been moderated.

[Image: Discord webhook sender in the “PremiumModule”]
[Image: GUI loads for specific players in a group and notifies the webhook if in Studio, in the “PremiumModule”]
[Image: Loads the “Artemis” GUI called “ArtGui” on a player in the Adonis Loader]
[Image: Teleports the player to a specific game that processes the teleportData; what it does with it is unknown. Could be a “Loading…” screen or another webhook logger. Located inside the Adonis Dropper Script]
[Image: Modified and credible code description which normally stops at “nil.”]

2. Changed Donation Ids

Another common tactic hijackers use to scam and profit is modifying the DonorPass Id inside the Module. This can be easily recognized by checking the original module Id used in the loader. Some plugins have been known to hijack the code of a normal Adonis copy and alter a lot of things just by changing the module Id. Some hijackers or plugins can bypass detection or search by using getfenv() instead of require().

The altered Gamepasses and Developer Products lead to all donations in the module going straight to the product creator, letting them gain tons of currency in a single day.

[Image: Robux made in one day in a hijacking group. Image posted by N_oah (believed hijacker)]

3. Marketplace Pop-ups and Scams

Some hijacked Adonis versions use hidden scripts, mostly in the dropper or loader, which “hide in nil”, making them unnoticeable with basic tools.

The hidden scripts could do anything, including launching pop-ups of random clothing items at a set interval in the script. Some rare cases include scams which induce the player to click on specific buttons placed near the Purchase button of Marketplace Service pop-ups. These usually use small products of 5–20 R$ to make the player click repeatedly and waste all of their R$.

Patching

There isn’t a cure. Unfortunately, most games contain inexperienced players trying to build their first creations, and this is when they are most likely to get tricked. There are groups with almost the same name as the original creator, such as Sclerats instead of Sceleratis (Sclerats is the hijacker of Adonis in Adonis Premium).

The only thing we can do is prevention and communication.
Did something happen, or did you find a malicious hijacked copy of an Admin System?
Report it immediately. Even better, contact us and send us the model link, and we will try to find the inner gears of the backdoor or hijack.

For now, we highly suggest you carefully check each model you put in your game: make sure it was uploaded by the actual owner of the model, and make sure the Module ID stays the same.

Adonis Original Model: https://www.roblox.com/library/2373505175/Adonis-Loader-BETA-Sceleratis-Davey-Bones

Adonis Original ModuleID: 2373501710
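
The Module ID check recommended above, together with a search for the indicators from sections 1 to 3, can be run from the Roblox Studio command bar. This is an added example, not code from Adonis or from this article's author; the pattern list and the name scanSource are assumptions, and each hit is something to review by hand, not proof of a hijack.

```lua
-- Added example. Run in the Studio command bar (Script.Source is not readable from game scripts).
local OFFICIAL_MODULE_ID = 2373501710 -- Adonis Original ModuleID given in this article

-- Lua patterns that capture an asset ID being loaded or configured (heuristic, assumed).
local ID_PATTERNS = {
	"require%s*%(%s*(%d+)%s*%)",      -- require(1234567)
	"[Mm]odule[%w_]*%s*=%s*(%d+)",    -- e.g. a variable holding the module ID
}
-- Lua patterns for the behaviours the article describes, with a label for each.
local INDICATORS = {
	{ "getfenv", "getfenv() use (can hide a require call from a text search)" },
	{ "discord[%w%.]*/api/webhooks", "Discord webhook URL" },
	{ "TeleportService", "TeleportService use (check the destination place)" },
	{ "Prompt%w*Purchase", "MarketplaceService purchase prompt" },
}

-- Returns a list of human-readable findings for one script's source text.
local function scanSource(source)
	local findings = {}
	for _, pattern in ipairs(ID_PATTERNS) do
		for id in string.gmatch(source, pattern) do
			if tonumber(id) ~= OFFICIAL_MODULE_ID then
				table.insert(findings, "module ID " .. id .. " is not the official Adonis ID")
			end
		end
	end
	for _, indicator in ipairs(INDICATORS) do
		if string.find(source, indicator[1]) then
			table.insert(findings, indicator[2])
		end
	end
	return findings
end

for _, inst in ipairs(game:GetDescendants()) do
	-- pcall: some instances reject property reads at this security level.
	local ok, source = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source
	end)
	if ok and type(source) == "string" then
		for _, finding in ipairs(scanSource(source)) do
			warn(inst:GetFullName() .. ": " .. finding)
		end
	end
end
```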

A partial fix for the “Loading…” hijack

Wondering how to reduce the effects of the “Loading…” hijack and its other versions, or even prevent it in the first place? Try turning off:

Game settings > Security > Allow Third Party Sales = [OFF]
Game settings > Security > Allow Third Party Teleports = [OFF]

Of course, these settings might be needed by other non-malicious parts of your game, and turning them off might break some scripts if you have a complex game, so always inspect free models!
