Security News > 2022 > November > Backdoored Chrome extension installed by 200,000 Roblox players
Chrome browser extension 'SearchBlox' installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform.
These extensions claim to let you "Search Roblox servers for a desired player... blazingly fast" but both contained the backdoor.
We downloaded the Chrome extension for analysis and for the first extension downloaded by over 200,000 users, the backdoor exists on line 3 of the 'content.
It doesn't seem like the first time a malicious 'SearchBlox' extension has targeted Roblox users either.
There is some speculation among Roblox community members [1, 2, 3, 4] who have noticed the inventory of user 'Unstoppablelucent', purportedly the developer of the extension multiply overnight whereas Rolimons user 'ccfont' has been terminated today over suspicious inventory trades.
Suffice to say, anyone who has installed 'SearchBlox' should remove the extension immediately, clear their cookies and change their passwords for Roblox, Rolimons, and other websites they may have logged into while the extension was in use.