• Dev Notes
  • Posts
  • Roblox Devs Targeted by Year-Long Malware Campaign

Roblox Devs Targeted by Year-Long Malware Campaign

Good Morning! Sorry, we missed you guys on Monday. Moving forward we’ll work on being more consistent and I hope you guys enjoy today’s issue because there is lot of news!

Roblox Devs Targeted by Year-Long Malware Campaign

Roblox

For over a year now, some sneaky attackers have been targeting Roblox developers through malicious npm packages. They've been impersonating the popular "noblox.js" library, publishing dozens of packages designed to steal sensitive info and compromise systems.

What's New: The bad actors are getting creative with their disguises. They're using a mix of brandjacking, combosquatting, and starjacking to make their malicious packages look legit. Think names like "noblox.js-async" or "noblox.js-thread" - pretty convincing, right?

But wait, there's more! The malware's capabilities are no joke:

  • Discord token theft

  • System info harvesting

  • Persistence through Windows registry manipulation

  • Deployment of additional payloads (hello, QuasarRAT!)

The kicker?: Even though npm's security team has been taking down these packages, new ones keep popping up. The attacker's GitHub repo is still active, which means this threat isn't going away anytime soon.

Read More Here

Xbox's Dev Support Under Fire

Microsoft

Xbox has been losing ground lately, with several high-profile games either skipping the platform or facing significant delays. The latest? Enotria: The Last Song, a Soulslike game inspired by Italian folklore.

What’s Happening?: Jyamma Games, the studio behind Enotria, dropped a bombshell. They claim their Xbox version is ready to go, but they can't submit it due to a bug in Microsoft's store page system. Even worse? Microsoft ghosted them for two months. Ouch.

But wait, there's more:

  • Baldur's Gate 3 was MIA on Xbox for months after its PS5 release

  • Capcom's retro game ports initially skipped Xbox entirely

  • Dune: Awakening devs are sweating over Xbox Series S optimizations

The tech breakdown: These issues seem to stem from a mix of hardware constraints (particularly with the Series S) and what developers perceive as lackluster support from Microsoft. It's a double whammy that's left devs frustrated and Xbox fans questioning their platform loyalty.

With Microsoft pushing cloud gaming and bringing exclusives to rival platforms, the Xbox's future as a dedicated gaming console looks shakier than ever. Unless Microsoft steps up its dev support game, we might be witnessing the early stages of a platform death spiral.

Read More Here

Android 15 Drops: What Devs Need to Know

Harish Jonnalagadda / Android Central

Google's been teasing us with developer previews and betas, but now Android 15 is officially out in the wild. It'll be rolling out to Pixel devices in the coming weeks, with other manufacturers following suit in the months ahead.

What's New:

  1. Typography & Internationalization: Variable fonts are getting a boost, with FontFamily instances now auto-adjusting wght and ital axes. Plus, NotoSansCJK is now a variable font, opening up new typographic possibilities for CJK languages.

  2. Camera & Media: HDR headroom control with setDesiredHdrHeadroom, intelligent audio volume adjustment, and Low Light Boost for better previews in dim conditions. Oh, and virtual MIDI 2.0 device support!

  3. UX Improvements: Edge-to-edge display by default for SDK 35 targets, and improved split-screen multitasking.

  4. Security Enhancements: New Private Space feature, passkey support, and the ability for apps to detect if they're being recorded.

For the curious: The source code is already available on AOSP, so you can start tinkering right away. Just remember, with great power comes great responsibility (and probably a few bugs to squash).

Reads More Here

🔥 More Notes

  • Wikimedia Slashed 300ms Off Every WASM Execution with WasmEdge: This quarter, the Abstract Wikipedia team committed to improve system performance. The biggest change was a re-write of the back-end "evaluator" service to pre-load WASM instead of loading it on request, resulting in 3-12x faster single requests and 30% faster saturated requests.

  • Firefox will consider a Rust implementation of JPEG-XL: Mozilla is working with Google to develop a Rust-based JPEG-XL decoder for Firefox, in order to address security concerns with the existing C++ implementation.

  • Generative AI Banned on StackOverflow: All use of generative AI (e.g., ChatGPT and other LLMs) is banned when posting content on Stack Overflow. This includes "asking" the question to an AI generator then copy-pasting its output as well as using an AI generator to "reword" your answers.

📹 Youtube Spotlight

Generative AI is not the panacea we’ve been promised | Eric Siegel for Big Think+

Big Think

Was this forwarded to you? Sign Up Here