So I was making this game with a few others when I noticed a suspicious script in ServerScriptStorage called ClientReplicator. Now, I know myself what ClientReplicator is, and I also know for sure that is not a script and it’s never in ServerScriptServince, it’s directly a service. Looking into the script, I found a ton of spaces, and at the very end, a require to a module. That module loads another module which I found to be a backdoor.
Here is the backdoor, it has all its exploiting groups and accounts assosciated in it.
Hydra SS Source.rbxm (100.0 KB)
It seems that if you are friends with the user: 1504596485, or in a group: 5682304, it will parent a gui into you to achieve server-sided execution.