Listen to the episode
TLDR
Attackers are stealing complete Roblox games by posing as recruiters on Discord and tricking developers into running a malicious file disguised as a "project manager tool" or Python package called "robase". Once executed, an infostealer...
How it works
Attackers are stealing complete Roblox games by posing as recruiters on Discord and tricking developers into running a malicious file disguised as a "project manager tool" or Python package called "robase". Once executed, an infostealer...
Red flags
- Unsolicited Discord DM offering a "project manager" or beta testing role, especially from a stranger or a newly created account Request to download and run a custom installer, Python package, or "database tool" that is not on an official repository Sudden logout from Roblox and Discord simultaneously, followed by changed passwords, 2FA, and passkeys
What to do
- 1Never run files or install packages sent by people you do not know in person
- 2verify any job offer via a second channel Test any unfamiliar software inside an isolated virtual machine, never on a device where you are signed in to Roblox, Discord, or wallets Review a
Source
malwarebytes
Source reviewed by Mythos Forensic Team
https://www.malwarebytes.com/blog/scams/2026/06/roblox-developers-are-losing-entire-games-to-malware-attacksFAQ
Is Roblox developers lose entire games to fake job offer malware on Discord a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Unsolicited Discord DM offering a "project manager" or beta testing role, especially from a stranger or a newly created account Request to download and run a custom installer, Python package, or "database tool" that is not on an official repository Sudden logout from Roblox and Discord simultaneously, followed by changed passwords, 2FA, and passkeys
What should I do first?
Never run files or install packages sent by people you do not know in person; verify any job offer via a second channel Test any unfamiliar software inside an isolated virtual machine, never on a device where you are signed in to Roblox, Discord, or wallets Review a
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.