Baseless Malware Accusations Don't Hold Value
We're often asked if the software hosted on WeAreDevs (like JJSploit) is safe. The answer is yes! Let's quickly lay out the facts:
- JJSploit, when downloaded from wearedevs.net, is not malicious and is developed by WeAreDevs.
- Your antivirus flags it because it changes how other programs on your system function.
- All exploits behave in similar ways, and they'll all typically get flagged down by your antivirus.
No one making accusations against our software has been able to satisfy the burden of proof when we asked for evidence. The most we were provided was an antivirus scan, which is not enough evidence to prove that an exploit is truly malicious, because such scans are inaccurate.
This confusion originates from inexperienced users jumping to conclusions, but if you genuinely find something malicious on WeAreDevs, report it to us with file hashes and static/behavioral analysis. We'll be sure to remove it swiftly.
Technical Explanation Behind False Positives
Your computer's RAM stores data that it needs to access quickly, like running programs. Roblox resides in your RAM when it is running. Exploits fundamentally have to modify Roblox's memory so they can access Roblox's scripting engine. This behavior can look suspicious to an antivirus because malware sometimes uses memory editing as a cloaking technique, but exploits typically only edit Roblox's memory. The changes made to Roblox are not persistent and disappear when it is closed.
Antiviruses love to flag cheats just to be safe, because they wouldn't want to be liable for damages. If heuristics triggered the alert, that’s called a false positive. These happen all the time, especially with cheats, but it even happens with common software! It's quite a mess, unfortunately. And if your antivirus flagged your cheat as "GameHack," well, the name says it all: it’s a Roblox exploit. Full stop.
The Inaccuracies of Antivirus Software
Imagine scanning a simple C++ program that just prints “Hello World.” Harmless, right? It opens a console, prints text, and exits. Nothing malicious. Yet, some antivirus software flags it. In this experiment, I wrote a basic “Hello World” program in Visual Studio 2026, compiled it in Release mode, and scanned the executable with VirusTotal.
Here's what happened:
https://i.imgur.com/lyPTGMv.png
VirusTotal flagged it as malicious on four providers:
- DeepInstinct: MALICIOUS
- MaxSecure: Trojan.Malware.300983.susgen
- SecureAge: Malicious
- Symantec: ML.Attribute.HighConfidence
Remember, this is a program that only prints text. Why the flags?
It’s simple: these antivirus tools use very generic classifications. Terms like “susgen” or “ML…HighConfidence” often mean “suspicious behavior,” not actual malicious intent.
You can read more on false positives and get access to the binaries and links here:
https://github.com/reversed-coffee/false-positive-lab?tab=readme-ov-file
Staying Safe When Exploiting
If you're a bit more tech-savvy, we recommend that you set up a virtual machine and run your exploits in it. Virtualization allows you to run separate computers inside of your computer. Running your cheats in a virtual machine not only keeps Roblox from tracing your host computer's identifiers, but also protects your host computer from malware.
Also, please do not cheat on your main accounts! Remember that cheating in Roblox is against their terms of service, and they have every right to ban your account if they catch you. Exploit developers typically try to thwart Roblox's detection, but even if a cheat claims to be undetected, don't trust it.
When someone says an exploit is "undetected," what they really mean is that the developers have tried their best to hide from Roblox, but Roblox is quick to roll out new updates that can potentially detect your cheats. It's impossible for even the exploit developers to know if they are truly undetected when a new update rolls out before they can reverse engineer it.
Determining if an Exploit is Undeniably Malicious
To determine if an exploit is truly malicious, you need to go full detective mode, and that means you're going to need experience in reverse engineering. Simple antivirus scans aren’t enough because they're inaccurate as hell. The following paragraphs will explain some tools and approaches that can help.
Start by monitoring network activity using tools like Wireshark or mitmproxy. Look for unexplained, persistent TCP connections, which could indicate a remote access trojan (RAT).
Next, track system activity with Procmon to see what files, registry keys, and system internals the program interacts with.
For deeper inspection, you can use disassemblers or decompilers like IDA Pro, Ghidra, Binary Ninja, or any disassembler/decompiler of your choice. These tools let you reconstruct the program into human-readable code to understand its behavior.
If this process seems too complex or overwhelming, I'd recommend trusting the professionals who have experience with malware analysis, not your friends.
TL;DR
- JJSploit is safe. When downloaded from wearedevs.net, it is not malicious.
- Unofficial downloads are risky. JJSploit offered on other websites could be malicious.
- Antivirus scans alone aren’t proof. Alerts don’t automatically indicate malware; deeper analysis is required.
- Investigate responsibly. Malware analysis tools can help if you want to confirm a program’s behavior.
Security researcher, low-level programmer, and system administrator.
https://github.com/reversed-coffee
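The network and Procmon steps in the section on determining whether an exploit is malicious can be turned into a repeatable check. The following is an added example, not part of the original post or WeAreDevs' code: it reads a Procmon CSV export and lists one process's successful writes to common autostart locations plus the remote endpoints it connected to. The process name, paths and addresses in the sample are constructed, and the three rules are an assumed starting set rather than a complete list.

```python
import csv
import io
import re
from collections import Counter

# Constructed rows in Procmon's default CSV column layout. "sample.exe",
# the paths and the addresses are made up for this example.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1","sample.exe","4242","CreateFile","C:\Users\lab\AppData\Local\Temp\cfg.json","SUCCESS",""
"10:00:02.3","sample.exe","4242","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ"
"10:00:02.9","sample.exe","4242","RegSetValue","HKLM\System\CurrentControlSet\Services\helper\Start","ACCESS DENIED",""
"10:00:03.4","sample.exe","4242","WriteFile","C:\Users\lab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.lnk","SUCCESS",""
"10:00:04.0","sample.exe","4242","TCP Connect","LAB-VM:49712 -> 203.0.113.10:4444","SUCCESS",""
"10:01:04.0","sample.exe","4242","TCP Connect","LAB-VM:49713 -> 203.0.113.10:4444","SUCCESS",""
"10:01:05.0","explorer.exe","1200","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive","SUCCESS",""
'''

# (operation, path pattern, label): locations a program writes to so that it
# starts again after a reboot or logon. Illustrative, not exhaustive.
PERSISTENCE_RULES = [
    ("RegSetValue", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I), "autorun registry value"),
    ("RegSetValue", re.compile(r"\\CurrentControlSet\\Services\\", re.I), "service configuration"),
    ("WriteFile", re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I), "startup folder file"),
]

def triage(csv_text, process_name):
    """Return persistence writes and remote endpoints for one process."""
    persistence, endpoints = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Result"] != "SUCCESS":
            continue  # failed attempts changed nothing; review them separately
        op, path = row["Operation"], row["Path"]
        if op == "TCP Connect":
            # Path has the form "local:port -> remote:port"; keep the remote side.
            endpoints[path.split(" -> ")[-1]] += 1
        for rule_op, pattern, label in PERSISTENCE_RULES:
            if op == rule_op and pattern.search(path):
                persistence.append((label, path))
    return {"persistence": persistence, "endpoints": endpoints}

if __name__ == "__main__":
    report = triage(SAMPLE_CSV, "sample.exe")
    for label, path in report["persistence"]:
        print(f"[persistence] {label}: {path}")
    for endpoint, count in report["endpoints"].items():
        print(f"[network] {endpoint} contacted {count} time(s)")
```

When reading a real export from disk, open it with `encoding="utf-8-sig"` so a leading byte-order mark does not corrupt the first column name. A hit is a lead for the disassembly step, not a verdict, since installers and updaters write to the same locations.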