A Roblox Chrome extension downloaded by over 200,000 users contains a backdoor
Users should uninstall the Chrome extension "SearchBlox" immediately
By Daniel Sims
PSA: If you have the popular extension SearchBlox installed on Google Chrome, you should immediately uninstall it, clear your cookies, and change your passwords for Roblox and Rolimons. The extension contained a backdoor designed to steal user credentials. Other websites you may have logged into with the extension installed may also be at risk.
As one of the most popular games with children, Roblox is an obvious target for malicious actors. A popular Chrome extension related to the game tried to steal users' login details and tradeable assets.
Bleeping Computer found that the two instances of the extension "SearchBlox" on the Chrome Web Store contained malware. The code stole account credentials and items from the Roblox trading platform Rolimons. Currently, antivirus software doesn't flag the extension or related URLs, making it hard to detect.
SearchBlox advertised itself as a tool letting users search for specific Roblox players. The malicious code was added after hundreds of thousands of users had already downloaded the extension. It is unclear whether the backdoor came from the original developer or from someone else who compromised the extension.
⚠️ WARNING ⚠️ Popular plug-in SearchBlox has been COMPROMISED / BACKDOORED - if you have it, your account may be at risk. Please change your passwords IF YOU HAVE IT - and credentials, so that way your account is secure again. pic.twitter.com/DVQpiZ9Pr0
— RTC (@Roblox_RTC) November 23, 2022
Some Roblox players suspect a user named "Unstoppablelucent," who may or may not have developed SearchBlox. Screenshots show the value of their Roblox inventory exploding in less than a day, along with that of a connected account called "ccfont." The accusations were enough to get both accounts banned.
Google has already removed SearchBlox from the Chrome Store, but users who installed it should check if it's still on their systems. Google previously took down another extension by the same name sometime between June and October of this year, so whoever was behind it has tried the tactic before and may attempt it again.
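One way to carry out the check described above, as an added example that is not part of the original article: a Python script that scans every Chrome profile for an installed extension whose display name contains "SearchBlox". It assumes Chrome's default user-data locations and matches on the name because the article does not give the extension IDs.

```python
import json
import os
from pathlib import Path

def chrome_user_data_dirs():
    """Chrome's default user-data directories (assumed standard install paths)."""
    home = Path.home()
    dirs = [home / "Library/Application Support/Google/Chrome",  # macOS
            home / ".config/google-chrome"]                      # Linux
    if os.environ.get("LOCALAPPDATA"):                           # Windows
        dirs.append(Path(os.environ["LOCALAPPDATA"]) / "Google/Chrome/User Data")
    return [d for d in dirs if d.is_dir()]

def display_name(manifest_path):
    """Read an extension's name, resolving a localized __MSG_key__ placeholder."""
    manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[len("__MSG_"):-2].lower()
        locale = str(manifest.get("default_locale", "en"))
        path = manifest_path.parent / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
            for msg_key, entry in messages.items():  # message keys are case-insensitive
                if msg_key.lower() == key:
                    return str(entry.get("message", name))
        except (OSError, ValueError, AttributeError):
            pass  # unreadable locale file: fall back to the raw placeholder
    return name

def find_extension(user_data_dir, wanted="SearchBlox"):
    """Return sorted (profile, extension_id, name) for names containing `wanted`."""
    hits = set()
    # Layout: <user data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    for manifest_path in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        try:
            name = display_name(manifest_path)
        except (OSError, ValueError, AttributeError):
            continue  # skip unreadable or malformed manifests
        if wanted.lower() in name.lower():
            hits.add((manifest_path.parents[3].name, manifest_path.parents[1].name, name))
    return sorted(hits)

if __name__ == "__main__":
    for base in chrome_user_data_dirs():
        for profile, ext_id, name in find_extension(base):
            print(f"{base}: profile {profile!r} has {name!r} (id {ext_id})")
```

A hit means the extension's files are still present in that profile; the name match is a heuristic, so review each result before acting on it.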
Browser extensions are a frequent vector for malware, whether from the original developers or outside actors who compromise extensions. In October, researchers discovered a massive operation using 30 Chrome and Edge extensions downloaded by millions of users to hijack browsing histories, insert advertisements, and load malicious code.
Furthermore, Roblox is one of the games most targeted by cyber threats, trailing only FIFA and Minecraft. The most common malware vectors for these games are clients that purport to download the titles but include malicious code. Users should only download games from trustworthy sources. TechSpot offers a safe Roblox download.