A Roblox Chrome extension downloaded by over 200,000 users contains a backdoor

PSA: If you have the popular SearchBlox extension installed on Google Chrome, you should immediately uninstall it, clear your cookies, and change your passwords for Roblox and Rolimons. The extension contained a backdoor designed to steal user credentials. Other websites you are logged into with the extension installed may also be at risk.

As one of the most popular games among children, Roblox is an obvious target for malicious actors. A popular gaming-related Chrome extension attempted to steal users’ login details and tradeable assets.

Bleeping Computer discovered that the two instances of the “SearchBlox” extension in the Chrome web store contained malware. The code stole account credentials and items from Roblox’s trading platform, Rolimons. Currently, antivirus software does not flag the extension and related URLs, making it difficult to detect.

SearchBlox advertised itself as a tool that allowed users to search for specific Roblox players. Someone added the code after hundreds of thousands of users had downloaded it. However, it is not clear if the backdoor came from the original developer or someone else who compromised the extension.

Some Roblox players are suspicious of a user named “Unstoppablelucent”, who may or may not have developed SearchBlox. The screenshots show the value of his Roblox inventory exploding in less than a day, along with that of a connected account called “ccfont”. The allegations were enough to get both accounts banned.

Google has already removed SearchBlox from the Chrome Store, but users who installed it should check if it’s still on their systems. Google previously removed another extension with the same name sometime between June and October of this year, so whoever was behind it has tried the tactic before and may try again.

Browser extensions are a frequent vector for malware, either from the original developers or from third-party actors compromising the extensions. In October, researchers uncovered a massive operation that used 30 Chrome and Edge extensions downloaded by millions of users to hijack browsing histories, insert ads, and load malicious code.

Furthermore, Roblox is one of the games most attacked by cyber threats, only behind FIFA and Minecraft. The most common malware vector for these games is clients that pretend to download the titles but include the malicious code. Users should only download games from trusted sources. TechSpot offers a secure Roblox download.

Leave a Comment