SearchBlox Malware Hijacks Roblox Accounts
Harmful Extension Gets 200,000 Downloads
Recently, 200,000 Roblox users installed a dangerous Chrome extension, according to the latest cyber security news. Hackers are actively targeting Roblox players through a web browser plugin dubbed SearchBlox. According to cyber researchers, this spyware is currently on the devices of numerous unsuspecting victims who frequent the Roblox platform.
So far, analysts have found that the malware contains a backdoor that steals players’ Roblox account details. In addition, the spyware is configured to steal Rolimons assets.
The researchers have also theorized that either the extension was intentionally created with a backdoor to drop its payload, or the SearchBlox Chrome browser extension has been hacked by dark web hackers.
A search for ‘SearchBlox’ on the Chrome Web Store returns two extensions with that name. Both claim to help users search Roblox servers for a desired player ‘blazingly fast’, but when analyzed closely, both show traces of the malicious code.
Roblox Users’ Data Stolen
On Wednesday, the Roblox community shared the news that SearchBlox contained malware. According to an unofficial Roblox community called RTC, ‘Popular plug-in SearchBlox has been COMPROMISED/BACKDOORED. If you have it, your account may be at risk.’
Roblox users were warned to change their passwords immediately to secure their accounts. Further tests show that the backdoor was installed on line 3 of the extension’s ‘content.js’ file.
Research also shows that the code was injected into the player’s profile section on Rolimons.com, a renowned Roblox trading platform. However, further reports stated that the malicious ‘SearchBlox’ extension is not new to Roblox users.
A malicious ‘SearchBlox’ extension was reportedly removed by Google from the Chrome Web Store in October. As of June 28th, 2022, another harmful ‘SearchBlox’ extension that had been uploaded was also removed from the tech giant’s platform.
The extent to which the backdoor was injected into the browser extension is unknown, but it appears that criminal hackers have been using it in their phishing campaigns.