Two separate Google Chrome extensions called SearchBlox, boasting more than 200,000 downloads combined, were found to be carrying backdoors that allow the attackers to steal Roblox credentials, as well as assets sitting on Rolimons, a Roblox trading website.
SearchBlox was being hosted on the Chrome Web Store, where it was advertised as search engines allowing users to quickly look through Roblox servers for a desired player. However, both carried backdoors that put players at risk of attack or theft.
Whether SearchBlox's developers built the backdoor, or if the tool was compromised at a later date, remains to be seen.
The community has noted that the Roblox inventory of one “Unstoppablelucent” multiply literally overnight, raising suspcions that this is who built the extension. Furthermore, a Rolimons user named ‘ccfont’ also had their account terminated over “suspicious inventory trades’.
The Roblox community is advised to uninstall the extension immediately, clear browser cookies, and change the login credentials for Roblox, Rolimons, and other websites where they logged in while the extension was active.
A Google spokesperson confirmed to BleepingComputer that the extensions were taken down and that they would be automatically removed from systems where they were installed.
This is not the first time Roblox users have been targets of cybercrime. In May 2022, researchers discovered a trojan file hidden inside the legitimate Synapse X scripting tool which is used to inject exploits or cheat codes into Roblox.
Cybercriminals leveraged Synapse X to install a self-executing program on Windows PCs that installs library files into the Windows system folder. This has the potential to break applications, corrupt or remove data or even send information back to the cybercriminals responsible.
- These are the best malware removal tools around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.