Roblox users are being targeted with malicious Google Chrome browser (Opens in a new tab) Extensions that are looking to steal their passwords and personal data.
Two separate Google Chrome extensions called SearchBlox, which have more than 200,000 downloads combined, have been found to carry backdoors that allow attackers to theft (Opens in a new tab) Roblox credentials, as well as assets on Rolimons, a Roblox trading site.
SearchBlox is hosted on the Chrome Web Store, where they are advertised as search engines that allow users to quickly search through Roblox servers for a desired player. However, they both carry backdoors that put players at risk of attack or theft.
suspicious users
It remains to be seen if the SearchBlox developers built a backdoor, or if the tool was hacked at a later date.
The community has noticed that the Roblox inventory of one “Unstoppable” literally doubles overnight, raising suspicions that this is who built the stretch. Furthermore, a Rolimons user account named “ccfont” was also terminated due to “suspicious stock trades”.
The Roblox community is advised to immediately uninstall the extension, clear your browser cookies, and change the login credentials of Roblox, Rolimons, and other websites they are logged into while the extension is active.
A Google spokesperson confirmed to Computer that the extensions have been removed and that they will be automatically removed from the systems on which they are installed.
This is not the first time that Roblox users have been exposed to cybercrime. In May 2022, researchers discovered a Trojan file hidden within the legitimate Synapse X scripting tool which is used to inject exploits or cheat codes into Roblox.
Cybercriminals have taken advantage of Synapse X to install self-executing software on Windows computers that installs library files into the Windows system folder. This has the potential to break apps, corrupt or remove data, or even send information back to the cyber criminals responsible.
Across: Computer (Opens in a new tab)