This Roblox Chrome extension had a sneaky security backdoor

Roblox users are being targeted with malicious Google Chrome browser(opens in new tab) extensions that look to steal their passwords and personal data.

Two separate Google Chrome extensions called SearchBlox, boasting more than 200,000 downloads combined, were found to be carrying backdoors that allow the attackers to steal(opens in new tab) Roblox credentials, as well as assets sitting on Rolimons, a Roblox trading website.

SearchBlox was being hosted on the Chrome Web Store, where it was advertised as search engines allowing users to quickly look through Roblox servers for a desired player. However, both carried backdoors that put players at risk of attack or theft.

oIiXpwdleVN6Vrlwv2Sf9OPaoP0vl_Y4xdX69ZF-6qBlcKYsNKtBhY_qX6HHcsX6XfmP2bYLCsaJ4O7VTqngopPWpw=w640-h400-e365-rj-sc0x00ffffff

Suspicious users

Whether SearchBlox’s developers built the backdoor, or if the tool was compromised at a later date, remains to be seen.

The community has noted that the Roblox inventory of one “Unstoppablelucent” multiply literally overnight, raising suspcions that this is who built the extension. Furthermore, a Rolimons user named ‘ccfont’ also had their account terminated over “suspicious inventory trades’.

The Roblox community is advised to uninstall the extension immediately, clear browser cookies, and change the login credentials for Roblox, Rolimons, and other websites where they logged in while the extension was active.

A Google spokesperson confirmed to BleepingComputer that the extensions were taken down and that they would be automatically removed from systems where they were installed.

This is not the first time Roblox users have been targets of cybercrime. In May 2022, researchers discovered a trojan file hidden inside the legitimate Synapse X scripting tool which is used to inject exploits or cheat codes into Roblox.

Cybercriminals leveraged Synapse X to install a self-executing program on Windows PCs that installs library files into the Windows system folder. This has the potential to break applications, corrupt or remove data or even send information back to the cybercriminals responsible.