Roblox users are being targeted with the malicious Google Chrome browser (opens in a new tab) extensions that seek to steal your passwords and personal data.
Two separate Google Chrome extensions called SearchBlox, with more than 200,000 combined downloads, were found to have backdoors that allowed attackers to steal (opens in a new tab) Roblox credentials as well as assets found on Rolimons, a Roblox business website.
SearchBlox was hosted on the Chrome Web Store, where it was advertised as a search engine that allowed users to quickly search Roblox servers for a desired player. However, both carried back doors that put players at risk of attack or robbery.
Whether the backdoor was built by the developers of SearchBlox or if the tool was compromised at a later date remains to be seen.
The community has noticed that Roblox’s inventory of an “Unstoppablelucent” literally multiplies overnight, raising suspicions that this is who built the extension. In addition, a Rolimons user named ‘ccfont’ also had his account terminated for “suspicious inventory swaps.”
The Roblox community is encouraged to uninstall the extension immediately, clear browser cookies, and change login credentials for Roblox, Rolimons, and other websites they logged into while the extension was active.
A Google spokesperson confirmed to BleepingTeam that the extensions were removed and would be automatically removed from the systems where they were installed.
This is not the first time Roblox users have been targeted by cybercrime. In May 2022, researchers discovered a Trojan file hidden within the legitimate Synapse X scripting tool that is used to inject exploits or cheat codes into Roblox.
Cyber criminals exploited Synapse X to install a self-executing program on Windows PCs that installs library files in the Windows system folder. This has the potential to break applications, corrupt or delete data, or even send information to the responsible cybercriminals.
Via: BleepingComputer (opens in a new tab)