The Daily Decrypt
Roblox Malware, FakeBat Malvertising Surge, and Tor's WebTunnel Censorship Evasion

Today, we uncover a Roblox malware scam, explore the rise of FakeBat through malvertising, and highlight Tor’s innovative WebTunnel for evading censorship. From the playful realms of Roblox to the frontlines of digital freedom with Tor, this episode is a journey through the evolving challenges and solutions in our online world. Protect your digital footprint and join the conversation on cybersecurity, privacy, and the relentless quest for a free internet.

Article URLs:

Thanks to Jered Jones for providing the music for this episode.

Logo Design by


Roblox, malware, cybersecurity, digital privacy, FakeBat, malvertising, Tor, WebTunnel, online security, internet censorship, gaming, digital rights, data protection, hacking, antivirus

Search Phrases:

  • How to protect against Roblox malware
  • Understanding malvertising and FakeBat malware
  • Tor’s WebTunnel for bypassing internet censorship
  • Latest cybersecurity threats 2024
  • Safe gaming practices for parents and children
  • Fighting digital surveillance and censorship
  • Effective antivirus and malware protection tips
  • Digital privacy concerns in online platforms
  • Strategies for secure internet browsing
  • Overcoming hacking in gaming communities
  • Enhancements in Tor for secure communication
  • Detecting and preventing online ad-based malware
  • Innovations in digital privacy and security
  • Techniques for safeguarding personal data online
  • Analysis of current cyber threats and solutions


Mar 14

[00:00:00] offsetkeyz: A nefarious malware targets Roblox users, tricking them with the false promise of enhanced gameplay, only to steal personal information.

[00:00:12] HGF: FakeBat malware leaps from the shadows of online ads, preying on unsuspecting victims with the disguise of legitimacy.

[00:00:20] offsetkeyz: Tor Project unveils WebTunnel, a masterstroke in digital disguise. Outmaneuvering censorship with a stealthy sophistication.

In the digital playground of Roblox, a new villain lurks. Not in the game, but in the guise of a performance boost.

[00:00:42] HGF: Oh, Roblox, where my niece says she’s gonna be the next digital Picasso. But really, what is it? Just a bunch of blocky characters bumping into each other?

[00:00:50] offsetkeyz: It’s more than that. Roblox is a sprawling online platform that lets users design, play, and share their own games and experiences. Think of it as [00:01:00] a digital Lego set, but with infinite pieces and possibilities.

[00:01:04] HGF: Infinite pieces? You’re saying if I wanted to build a castle with a moat filled with laser sharks, I could? Mmm,

[00:01:11] offsetkeyz: sharky. Absolutely! Roblox provides the tools and the canvas. Your imagination brings it to life! It’s powered by a robust game development system that lets creators script events, design levels, and even monetize their creations.

[00:01:27] HGF: Monetize? So kids are making bank on this? My lemonade stand suddenly seems less impressive.

[00:01:34] offsetkeyz: Yep, gone are the days of lemonade stands. Some developers on Roblox earn serious money through in-game purchases using a virtual currency called Robux. It’s a whole economy.

Roblox is a vibrant community with millions of user generated games. There’s something for everyone, from obstacle courses and simulators, to role playing games and beyond. But here’s the twist. Discovered by Zscaler’s Threat [00:02:00] Labs, attackers are exploiting platforms like YouTube and Discord to distribute a malware called Tweaks, or Tweaker.

It promises to optimize your frames per second, but instead it’s a one way ticket to Hacksville. So,

[00:02:15] HGF: it’s like ordering a performance enhancing smoothie but ending up with a bellyache that steals your wallet?

[00:02:21] offsetkeyz: Oh yeah, there are tummyache survivors out there. But this PowerShell based malware silently siphons off sensitive data.

Think Wi-Fi passwords, location, Roblox IDs, and even in-game currency. Like

[00:02:35] HGF: a digital pickpocket. But wait, PowerShell? Is that like a superhero power?

[00:02:40] offsetkeyz: Quite. PowerShell is a scripting language for Windows, often used by system administrators for automation, but in our villain’s hands, it becomes a tool for theft.

[00:02:51] HGF: I see, so they’re using PowerShell for evil. Got it. How bad is this

[00:02:57] offsetkeyz: breach?

Given Roblox’s [00:03:00] massive user base, where 45 percent are under 13, the scale is concerning. It’s not just gamers at risk, it’s potentially their parents and even corporations, thanks to remote work blurring the lines between personal and professional devices.

[00:03:15] HGF: Yikes, so my quest for smoother gameplay could put dad’s spreadsheets in jeopardy?

[00:03:21] offsetkeyz: Precisely! The attackers cleverly disguised their malicious intent, using legitimate-looking videos and Discord communities to spread Tweaks. They even offer a free version to lure users into their trap. Free?

[00:03:36] HGF: Sounds like the only thing free about it is the trip to hackerland. What can the good folks at home do to protect themselves?

[00:03:43] offsetkeyz: The golden rule is stick to reputable sources for game enhancements, avoid disabling antivirus software for dubious downloads, and maintain skepticism towards too good to be true offers on social platforms. Got

[00:03:57] HGF: it. Keep it legit or risk a cyber hit. [00:04:00] Any word from the digital knights at Zscaler?

[00:04:03] offsetkeyz: Zscaler’s Threat Labs is on the front line. Their sandbox technology uncovering the murky tactics and techniques of this malware campaign. It’s a reminder of the constant cat and mouse game in cyber security.

[00:04:15] HGF: So the moral of the story: if an FPS boost sounds too good to be true on Discord or YouTube, it probably is.

[00:04:29] offsetkeyz: February saw a surge in search-based malvertising, with FakeBat leading the charge. A cunning malware distributed through ads for popular software, which was reported by Malwarebytes on Tuesday. See the link in the show notes.

[00:04:44] HGF: Fakebat? That sounds like a villain from a Saturday morning cartoon. So what, now I can’t even click on things I search for with

[00:04:51] offsetkeyz: Google?

Remember, if you’re searching for something specific, try not to click on the advertisement results. Anyone can buy these advertisement [00:05:00] spaces, and trick you into clicking them by impersonating the site you’re trying to find. This malware has been impersonating brands like Parsec and FreeCAD. Both are cutting edge technologies in their respective fields.

Like a wolf in sheep’s

[00:05:14] HGF: clothing. How do they even get these ads in front of people?

[00:05:18] offsetkeyz: The malvertising campaign gets creative. They’ve leveraged URL shorteners and even compromised legitimate websites, making these malicious ads appear trustworthy. Victims are lured into clicking, which kicks off a redirect chain ending in malware installation.

Once installed, FakeBat reaches out to its command and control servers, putting victims’ data at risk.

So, what’s

[00:05:41] HGF: the digital equivalent of locking our doors and windows?

[00:05:44] offsetkeyz: The key is caution. Avoid clicking on ads for software downloads, and ensure your system’s security measures are up to date. Utilizing tools like ThreatDown DNS Filter can block malicious ads at the source, offering a layer [00:06:00] of protection.

[00:06:01] HGF: Got it. Be skeptical of too good to be true ads and maybe invest in a cyber guard dog. How is Google dealing with this ad

[00:06:09] offsetkeyz: apocalypse? The incidents have been reported to Google, highlighting the ongoing battle between security researchers and malvertisers. It’s a digital cat and mouse game, with each side constantly evolving their strategies.

[00:06:23] HGF: This actually happened to me when I was shopping for a pan at our place. It was like a website. I clicked on the sponsored one and it was like at our place. com and it almost got me, but the font looked a little bit off. Really? Yeah. I think I sent it to, this is like last year, but I’ll never forget how identical to the site it looked, but everything was on super sale and it was like, hurry, act now.

And they never do that. And I was like, Good

[00:06:50] offsetkeyz: catch. I actually had a friend order shoes at my recommendation from my favorite shoe store called Vivo Barefoot. Except he went [00:07:00] and googled it, and the first one on Google was vivobarefootusa.com, and he actually ordered shoes from them. And never got

[00:07:09] HGF: them.

[00:07:10] offsetkeyz: And never

[00:07:12] transition: Uh, uh, uh, uh, uh, uh.

[00:07:24] offsetkeyz: The Tor Project has just unveiled their latest innovation, WebTunnel. A new bridge designed to camouflage Tor connections amidst regular HTTPS traffic, making it a formidable foe against censorship. Tor is all about privacy and overcoming digital barriers.

Bridges in the Tor network are like secret pathways that aren’t listed in the public directory, helping users connect without drawing attention. However, countries with tight censorship have gotten better at spotting these connections, causing the need for WebTunnel, which disguises Tor traffic to look just like any other HTTPS web traffic. [00:08:00]

This makes it much harder for these countries to block without also disrupting HTTPS connections, which are vital for a secure internet. How does this magic work? It’s all about the art of disguise. WebTunnel wraps Tor’s data packets in a layer that mimics WebSocket-like HTTPS connections. To any observer on the network, it appears as if the user is simply visiting websites, making it difficult to distinguish and block Tor users specifically. And what about

[00:08:29] HGF: those living under the watchful eye of Big Brother? Any luck for

[00:08:33] offsetkeyz: them? That is the heart of the matter. WebTunnel is proving to be effective in countries that govern internet usage, but some of them, like China and Iran, are figuring out ways to detect it.

Tor recommends adding a layer of obfuscation using the obfs4 protocol.

[00:08:52] HGF: OBFS what? Sounds like something out of a spy novel.

[00:08:56] offsetkeyz: Not far off. obfs4, or as I like to [00:09:00] call it, the OB4 Skater, is a protocol designed to disguise internet traffic, making it difficult for third parties to determine what’s being transmitted. This is crucial in places where censorship is rampant and access to information is restricted.

[00:09:15] HGF: Hide and seek with your internet connection.

If I’m in a country that’s not too fond of free information, obfs4 could be my ticket to

[00:09:23] offsetkeyz: the wider world. Exactly, yeah. obfs4 is a critical tool for those in oppressive regimes, offering a lifeline to unrestricted information. It exemplifies the ongoing battle for digital freedom, ensuring that the internet remains open and accessible to all.

A lot of companies’ IT departments block Tor on their network, for good reason. So, the main purpose of the WebSocket is to allow citizens of oppressive regimes to access the internet unrestricted, but I’m wondering what the implications will be for IT departments trying to detect [00:10:00] this type of traffic on their networks.

It will blend in with everything else, which could open some floodgates for some activity.

And that’s all we’ve got for you today. Huge thanks to Hot Girl Farmer for joining us and delivering the news. And we will talk to you some more tomorrow.
