>
Roblox users are being targeted by a malicious Google Chrome browser (opens in new tab) extensions that want to steal their passwords and personal information.
Two separate Google Chrome extensions called SearchBlox, with more than 200,000 downloads combined, were found to contain backdoors that allow attackers to steal (opens in new tab) Roblox credentials, as well as assets on Rolimons, a Roblox trading website.
SearchBlox was hosted on the Chrome Web Store, where it was advertised as search engines that let users quickly search Roblox servers for a desired player. However, both had backdoors that put players at risk of being attacked or stolen.
Suspicious users
Whether SearchBlox’s developers built the backdoor, or whether the tool was compromised at a later date, remains to be seen.
The community has noticed that the Roblox inventory of one “Unstoppablelucent” literally multiplies overnight, raising suspicions that this is who built the extension. In addition, a Rolimons user named ‘ccfont’ had their account terminated due to ‘suspicious inventory transactions’.
The Roblox community is advised to immediately remove the extension, clear browser cookies, and change the credentials for Roblox, Rolimons, and other websites they logged into while the extension was running.
This has been confirmed by a Google spokesperson Beeping computer that the extensions were removed and that they would be automatically removed from systems where they were installed.
This isn’t the first time Roblox users have been targeted by cybercrime. In May 2022, researchers discovered a trojan file hidden in the legitimate Synapse X scripting tool used to inject exploits or cheat codes into Roblox.
Cybercriminals took advantage of Synapse X to install a self-executing program on Windows PCs that installs library files in the Windows system folder. This has the potential to break applications, corrupt or delete data or even send information back to the cyber criminals responsible.
Via: Bleeping Computer (opens in new tab)