It’s Not Phishing, It’s UX: How Platform Design Pushes Users Toward Malware
ID: 372b117d-87a6-5d8d-9a5c-5c54960a3b9b
STIX ID: report--372b117d-87a6-5d8d-9a5c-5c54960a3b9b
Feed Name: Zynap Blog
Zynap analysis finds a large-scale credential theft campaign targeting Roblox users, driven by demand for free Robux. A total of 48M compromised Roblox credentials were observed. In a statistically significant sample (253k hashes), 82% followed a funnel from free-Robux discovery on social platforms to file downloads, with 27% involving Roblox-specific executors that bypass the Luau sandbox and enable infostealers (notably RedLine, LummaC2, Vidar, StealC). The report highlights platform design dynamics that create economic pressure on primarily Gen Z users and cross-device infection patterns (mobile discovery → Windows execution on shared devices), and recommends shifting to preemptive, behavior-based defenses to address ecosystem-level risk.
