PSA: If you have the popular SearchBlox extension installed on Google Chrome, you should uninstall it immediately, clear your cookies, and change your Roblox and Rolimons passwords. The extension contained a backdoor designed to steal user credentials. Other websites you may have logged into with the extension installed may also be at risk.
As one of the most popular games among kids, Roblox is an obvious target for malicious actors. A popular Chrome extension related to the game attempted to steal users’ login credentials and tradable assets.
Bleeping Computer discovered that the two instances of the “SearchBlox” extension on the Chrome web store contained malware. The code stole account details and items from the Roblox trading platform Rolimons. Currently, antivirus software does not flag the extension or related URLs, making them difficult to detect.
SearchBlox has promoted itself as a tool that allows users to search for specific Roblox players. Someone added the code after hundreds of thousands of users downloaded it. However, whether the backdoor came from the original developer or from someone else who compromised the extension is unclear.
⚠️ ATTENTION ⚠️
The popular SearchBlox plugin has been COMPROMISED / BACKDOORED – if you have it, your account may be at risk. Please change your passwords IF YOU HAVE – and login credentials to keep your account secure again. pic.twitter.com/DVQpiZ9Pr0
– RTC (@Roblox_RTC) November 23, 2022
Some Roblox players suspect a user named “Unstoppablelucent” who may or may not have developed SearchBlox. Screenshots show the value of their Roblox inventory exploding in less than a day along with that of a connected account called “ccfont”. The allegations were enough to ban both accounts.
Google has already removed SearchBlox from the Chrome Web Store, but users who installed it should check whether it is still present on their systems. Google previously shut down another extension of the same name between June and October this year. So whoever is behind this has tried the tactic before and may try again.
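One way to run that check across a Chrome profile on disk, as an added example that is not from the original article: it walks the profile's `Extensions/<id>/<version>/manifest.json` files and resolves localized `__MSG_...__` names before matching. The search string comes from the article; the extension IDs and the sample profile built in the code are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

def _localized(version_dir, manifest, value):
    """Resolve a __MSG_key__ placeholder via _locales/<default_locale>/messages.json."""
    if not (value.startswith("__MSG_") and value.endswith("__")):
        return value
    key = value[6:-2].lower()  # message keys are matched case-insensitively
    path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return value
    for k, entry in messages.items():
        if k.lower() == key and isinstance(entry, dict):
            return entry.get("message", value)
    return value

def find_extensions(profile_dir, needle="searchblox"):
    """Return sorted (extension_id, version, name) where the display name contains needle."""
    hits = []
    for manifest_path in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        name = _localized(manifest_path.parent, manifest, str(manifest.get("name", "")))
        if needle.lower() in name.lower():
            hits.append((manifest_path.parents[1].name, manifest_path.parent.name, name))
    return sorted(hits)

def build_sample_profile(root):
    """Constructed sample profile; the IDs are placeholders, not real extension IDs."""
    samples = {
        "a" * 32: ({"name": "__MSG_appName__", "default_locale": "en"},
                   {"appName": {"message": "SearchBlox"}}),
        "b" * 32: ({"name": "Some Ad Blocker"}, None),
    }
    for ext_id, (manifest, messages) in samples.items():
        vdir = Path(root) / "Extensions" / ext_id / "1.0_0"
        (vdir / "_locales" / "en").mkdir(parents=True)
        (vdir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages:
            (vdir / "_locales" / "en" / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_extensions(build_sample_profile(tmp)))
```

To check a real machine, pass the profile directory to `find_extensions`, for example `~/.config/google-chrome/Default` on Linux or `%LOCALAPPDATA%\Google\Chrome\User Data\Default` on Windows, and repeat for each additional profile.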
Browser extensions are a common vector for malware, whether from the original developers or external actors who compromise extensions. In October, researchers uncovered a massive operation using 30 Chrome and Edge extensions downloaded by millions of users to hijack browser histories, inject ads and load malicious code.
In addition, Roblox is among the games most affected by cyber threats, trailing only FIFA and Minecraft. The most common malware vector for these games is clients that pretend to download the titles but contain malicious code. Users should only download games from trusted sources. TechSpot offers a secure Roblox download.