Players in Roblox may be subjected to a security breach, as its Google Chrome extensions allow for their passwords and personal data to be stolen. The extensions in question, both called SearchBlox, already have more than 200,000 thousand downloads, collectively. This could pave a way for cyber attackers to steal Roblox credentials, as well as properties within the Roblox trading website, Rolimons.
Who’s Behind It?
It is still unknown whether the SearchBlox already had the backdoors built by the developers, or if it was placed by someone else entirely. Although, the Roblox community has been keeping an eye out, and noticed that the inventory of one user, “Unstoppablelucent” has grown exponentially overnight. This raised some brows, thinking that he might be responsible for the hack.
Another was a Rolimons user who goes by “ccfont.” The user had their account terminated, which was the result of “suspicious inventory trades.” The Roblox community has already been advised to uninstall the extension as soon as they can. It would do well to also clear browser cookies, as well as change their login information on both Roblox and Rolimons.
According to TechRadar, the extensions have already been taken down. It would also be removed automatically from the systems they were installed in. Roblox is not new to malefactors. There are several trading scams even in certain Roblox games like “Adopt Me,” which is done even without knowledge about codes. All they bring are promises of compensation for the trade they received, but leaving the server instead.
Hackers Infiltrating a Kid’s Game
Some hackers have turned to Roblox to plant malicious files even before. Back in March, Avanan, an email security service, found a trojan file that was in a legitimate scripting engine, Synapse X. They saw the self-executing file in a customer’s OneDrive, which may have been uploaded by mistake. It appears as a library file (DLL) in the system folder of Windows.
According to reports, the malicious file is capable of breaking applications and listening to files. The company reached out to Roblox, to which they received a response. Roblox said that using third-party services to get through certain systems, goes against their Terms of Service. They added that Roblox maintains many systems to keep the users safe and secure.
From a strategic point of view, it’s a smart move to target Roblox users. It is mostly played by children, who most of the time, are unaware of potentially malicious files. They could unknowingly download the malware, exposing their personal computer to cyberattacks that take personal data. The game also has a currency called “Robux” which can be purchased using debit or credit cards, and that information could be stolen as well.
In 2021, Roblox has garnered over 32 million active users in 180 countries. Around half of American children play it. Between ages 9 and 12, around 75% use the platform. That’s a lot of children who could possibly download malware planted by hackers.