recently I've been getting spammed by viewers about a DM that they got on Discord about this Solara cheat for Roblox now I'm going to tell you if it's a massive scam and why you should honestly never download Game cheats in the first place because there's some juicy Roblox cheater gossip that just dropped on Twitter now first I want to actually talk about this scam that a lot of people are getting through their DMS check out this free executor Roblox and they drop a Discord invite link now if multiple people are spamming your DMs with the exact same message this is clearly a scam but I join the server and well within a minute we've had eight people join the server and and honestly I I mean there's so many people that join just today so it's a pretty good indication that a lot of people are either going to get scammed or going to sober up and stop huffing farts and realize this is a scam now what is Solara well first there's two channels of update and download we'll go to download cuz it actually explains what's going on but Solara is a Roblox script executor it's a cheating tool which allows you to run code or scripts on Roblox mainly to cheat because why enjoy playing video games like a normal human being when you can just run a script and let the computer play the game for you but discover the power of Solara the best Roblox script executor designed to enhance your gaming experience if we scroll down there's a download link to a setup. zip file which is 15.55 megabytes now if we go to the update channel the latest version is 2.54 with some random numbers and it's a download again to setup. zip with 15.55 mbes they're the exact same file now I want to point out that this download is being sent by a Discord web hook now this tag thing here is because I have a ven cord plugin but if you didn't have ven cord if you click on a profile you'll see that it says app and it's like this blank profile that's a web hook now why is this download being sent through a web hook well there's two reasons I can think of first off this looks more official if you're a kid that would cheat on Roblox so low intelligence low IQ but if I had to guess I think scammers believe that sending this is obviously malware the cats out of the bag oh no but I'm pretty sure scammers believe that if they send malware through a web hook they won't get punished and they won't get get their Discord account banned anyways enough with the Yap I'm just going to download the setup. zip file now I'm going to be a little bit lazy here and just open up inspect elements and get the exact link from this so that I don't have to deal with downloading it and uploading it so I got that download link and I threw it into triage which I'll have Linked In the description it's basically a browser virtual machine that allows you to do malware analysis without having to set it up yourself but if I go full screen on this bad boy and the quality drops by five gazillion pixels I downloaded the good old setup. zip file from discord.com now when I extract this bad boy which uh it's Windows 11 I don't know how to use this thing extract all right we're good we get this new setup folder and when I open up the setup folder you can see that we have setup.exe with no icon definitely not suspicious at all and when I double click on this bad boy publisher could not be verified are you sure you want to run this yeah I want to cheat in Roblox I'm going be honest with you this thing didn't pop up when I first looked at this malware but it's telling me to install web view 2 sure now while all that bogus is going on in the background I want to point out that uh while this was loading and downloading I looked through all these files and specifically this rxy mixer resources. d.m if I open it with notepad which for some reason is like completely uh just straight awful on the Windows 11 virtual machine so I just rename it to a txt file and open it up a notepad you'll notice this one's my favorite in the txt file it says spyware and malware a great sign of what's to come and in fact alsoo conveniently in the background it turns out the setup .exe application opened up and it opened up to this menu here Windows if you are not robot press continue this is a tough one boys what do I do so I press the big continue button and after clicking that continue button I waited a solid 10 minutes and nothing happened and here's a good word of advice if you download and run a sketchy setup.exe file and nothing happens after you run the file you just downloaded malware on your computer but anyways since I ran this file and absolutely nothing happened it's time to terminate the analysis and see what actually happens behind the scenes uh-oh spaghettio something's not looking too good when this thing pulls out a solid 10 out of 10 for being bad so opening up this report you can see oh I'm going to zoom in a little bit for my grandma viewers but we got a 10 out of 10 and it's not like a math test the higher the number the worse it is and if we scroll down it turns out the application we just ran is something called ratam manthis in what is ratam manthis good question let me open up a website which explains it a little bit better than I could ratam manthus according to PC risk is a Steeler type malware that extracts data from your infected computer and what is that extracted data well it's your usernames and your passwords that were saved on your browser as well as your browser cookies not just for your Roblox account but also for every single account you've logged into on your browser now you might be asking what exactly happens when I run that sketchy setup.exe file well I could spend the next 10 minutes explaining everything and then I'd get to a point where I just start talking out of my rear ends but it's typical malware stuff it adds exclusion paths so Microsoft Defender won't do things with the malware it downloads more pieces of malware and it does startup stuff if you really want I'll have this analysis in the description if you want to look at it but the main thing that caught my eye is that in the network request part we can see that setup.exe sends a get request to a German website which uh never heard of this one before and I decided you know what maybe there's some new Roblox cheats on this bad boy so I went to the website and I'm no linguist or anything but this this does not look German but I have the power of right clicking and clicking translate to English and it turns out when you visit this website it shows you the statistics of the malware we can see that 3,973 people have launched this piece of malware the same number in the last 2 weeks the same number in the last week and in the last 2 days 929 people launched this malware and just today in the last 24-hour period 451 people fell for the scam oh my God now I want to point out while I was researching the scam I learned something a little bit strange because I was searching on the good old Google looking for Solara and apparently Solara is a well-known Roblox cheating tool and I kind of got a little bit excited because did I just bust some massive Roblox cheating ring that turned into a Russian scam operation in my dreams I did but in reality no I didn't because it turns out this scam server is actually impersonating another Solara server that claims to be the real one now is this the real salara server can I download the cheat from this one and be safe I ain't going to tell you boy because it's going to cost a lot of issues both for YouTube and for two other reasons but the first thing is that if I give you an invite link to the Apparently real Discord server it's going to lead to a bunch of people getting scammed because it's time to pull out the Discord snitch handbook but according to the Discord Community guidelines rule number 24 you are not allowed to share content that violates anyone's intellectual property or other rights this includes sharing or selling game cheets or hacks which means that I could go to this message report this message to Discord for hacks cheats fishing or malicious links and if I send this report there is a very good chance that this server will get banned off Discord now here's the funny thing the people that are reporting these messages for being cheat aren't just people who don't like cheating in Roblox it turns out the people reporting these messages are also the scammers as well because if the scammers manag to ban This Server which by the way has a whole bunch of boost so you know it has a custom invite link 200,000 people know that invite link to be the real one in air quotes but if the server gets banned the scammer can steal that invite link and turn it into a scam server just like like this one but the second reason why I'm not going to recommend cheating in any video games at all is because they're just way too risky and are never worth it the reward of cheating in Roblox is that you might have a little bit more fun and you might be able to annoy some kids by griefing their escape from Charlie demilio Roblox Obby now whenever you download and run an app on your computer like Discord you trust that the developers of the application you're running are both two things one they're competent enough where their application isn't going to make your computer vulnerable to malware but the second thing is that you also trust that the developers of Discord aren't going to turn their app into malware and you know that first thing talking about vulnerabilities well let's get to the Roblox cheater gossip drama thing that I tease at the very beginning because Oho recently an absolute hit tweet just came out on the internet about how Roblox cheaters got hit with a surprise and just a little bit of background there's something called wave which is a Roblox cheat engine it's kind of like Solara it allows you to execute scripts and code on Roblox but wave had one extra feature it's called being coded like hot garbage because it turns out if you run a very specific script using the wave cheat software it could abuse a vulnerability in wave to gain access to your system and when someone does an exploit like this they could do whatever they want on your computer they could upload and run files that could steal your Roo Discord they could also delete system 32 if they wanted they could do anything they want just by making you run a script using that cheating software now fortunately for anyone that ran the script that didn't happen but they made it very clear that if someone else exploits this vulnerability uh they aren't just going to give you this big warning they're just going to steal everything they can anyways they give you advice to file a charge back through your bank and they uninstalled the cheat engine for you so thankfully latte which is a group by the way it's not an individual but thankfully this group of people decided not to steal everyone's usernames and passwords and instead give you a warning that this cheat engine software is hot garbage now what happens when this 3.7 million view tweet went viral and started spreading across the Roblox cheating scene will the developers of wave allegedly tried to hide this problem and sweep it under the the rug which remember how I was talking about trustworthiness ignoring a problem and trying to hide it is the polar opposite of being trustworthy now fortunately later they did patch this vulnerability but again this goes to my second point it gives you an Insight on how these Roblox cheat developers are not very trustworthy and with the Solara cheating tool there is a perfect storm for an exit scam because the way Solara works right now is that it's a free download but when you download and use Solara you need to go through link for ties apparently you need to wait an entire hour with link for ties which is horrible and if you don't know link for ties is one of those websites where if you want to download something sure let's get this thing that's definitely not malware when you open it up turns out I need to wait to get access now this is only 10 seconds but for the Solara people they set it to a whopping 1 hour and while you're waiting for an hour for things to happen this website is just showing you ads up the woo so all those ads from link for ties is how salara makes their money but it's not a lot ad Revenue isn't a whole lot and there is nothing stopping them from making a new entire update oh this new one just happened but nothing is stopping them from making an update that is actually just a piece of malware and using that malware they can steal all your Roo and make even more money and it honestly doesn't feel like a reach because they already greeted out with the 1our link vertise weight they're trying to make as much money as possible and this is just the next logical step for someone that has absolutely zero ethical code breaking news ladies and gentlemen ladies and gentlemen so it seems like Discord woke up this morning and chose violence because when I went on my Minecraft Vault account you'll notice Discord has banned the server off the platform but there's also collateral damage because if you look at my servers on the left here the other server that I was looking at also got banned now this is both a great thing and a bad thing it's good that people aren't going to potentially put themselves at risk of an exit scam the bad thing though is that all those Roblox cheaters are going to start getting a hissy fit saying no text to speech got the server bans and they're going to send me C4 in the mail or something anyways all that risk so that you could fly around in a Roblox OB icle course just get good or just play a different game like get eaten by James Charles 2 Obby scary in parenthesis bye-bye I love you