With millions of daily active users, the popular online gaming platform and game creation system Roblox is frequently targeted by hackers and other cyber criminals who try to take advantage of its popularity.
To that end, a Chrome browser extension called “SearchBlox” is currently being used to backdoor systems, according to a new report from BleepingComputer. Once installed, the extension helps steal Roblox credentials as well as items on the Roblox trading platform Rolimons.
The two malicious extensions on the Chrome Web Store, both called SearchBlox, have previously been installed by more than 200,000 Roblox players. Although it is not clear whether the developer of these two extensions added the backdoor on purpose or another threat actor did it, BleepingComputer managed to analyze their code and find the backdoor.
Remove these Chrome extensions now
At the time of writing, both SearchBlox extensions developed by TheM2 have been blocked by the admin on the Chrome Web Store, meaning additional Roblox players cannot download them. However, if you or your children have downloaded either of the extensions, you will need to remove them from Chrome manually.
To do this, click the three-dot menu in Chrome, scroll down to More tools, and click Extensions. Here you will see all the extensions installed in your browser, each with a switch to enable or disable it and a button that says Remove. Click Remove to uninstall the SearchBlox extension from your browser.
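To check a machine without opening the browser, the following added example (not code from the article or from BleepingComputer) scans a Chrome profile directory for installed extensions whose manifest name matches SearchBlox. It assumes Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json, and the name pattern is an assumption based on the extension name reported here, so a match is a prompt to review and remove, not proof of the backdoored build.

```python
import json
import re
import sys
from pathlib import Path

# Assumption: match on the extension name reported in the article.
NAME_PATTERN = re.compile(r"searchblox", re.IGNORECASE)


def display_name(version_dir):
    """Return the extension's display name, resolving a __MSG_key__ placeholder."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    placeholder = re.fullmatch(r"__MSG_(\w+)__", name)
    if not placeholder:
        return name
    # Localized names live in _locales/<default_locale>/messages.json.
    locale = manifest.get("default_locale", "en")
    messages_file = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(messages_file.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder if the locale file is unusable
    # Chrome matches message keys case-insensitively.
    for key, entry in messages.items():
        if key.lower() == placeholder.group(1).lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name


def find_extensions(profile_dir, pattern=NAME_PATTERN):
    """Return sorted (extension_id, version, name) tuples whose name matches pattern."""
    hits = []
    for manifest_path in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        version_dir = manifest_path.parent
        try:
            name = display_name(version_dir)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip it
        if pattern.search(name):
            hits.append((version_dir.parent.name, version_dir.name, name))
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python find_ext.py <chrome-profile-dir>")
    for ext_id, version, name in find_extensions(sys.argv[1]):
        print(f"{ext_id}\t{version}\t{name}")
```

Pass the profile directory as the argument, for example ~/.config/google-chrome/Default on Linux or %LOCALAPPDATA%\Google\Chrome\User Data\Default on Windows, and repeat for each Chrome profile on the machine.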
The two SearchBlox extensions in the Chrome Web Store add a player search box to your page, allowing you to search the game’s servers for other players. Although they have different icons, the extensions are both made by the same developer and have exactly the same description.
Surprisingly, despite its three-star rating, the first extension was actually featured on the Chrome Web Store. From the comments on its review page, Roblox players were quite happy with the extension before the backdoor was suddenly added, suggesting a hacker was responsible and not its developer TheM2.
According to a tweet from RTC, the SearchBlox extension was compromised and a backdoor was then added early in the morning of November 23rd. The unofficial Roblox news and community account also recommended that players change their passwords if they have the extension installed.
⚠️ WARNING ⚠️ The popular SearchBlox plugin has been COMPROMISED / BACKDOORED – if you have it, your account may be at risk. Please change your passwords IF YOU HAVE – and login credentials to keep your account secure again. pic.twitter.com/DVQpiZ9Pr0 November 23, 2022
It’s worth noting that back in June this year, Google shut down another malicious SearchBlox extension that allowed Roblox players to join any server, according to RTC.
How to play Roblox safely and protect your account online
Besides changing your Roblox password and uninstalling the SearchBlox extension, all users who have downloaded the extension should also clear their cookies in Chrome. At the same time, you should probably change your passwords for any other websites you might have logged in to while the backdoor was present in the extension.
For parents who want to make sure their kids are safe while playing Roblox, the parental control app Qustodio recommends in a blog entry that parents set the date of birth to under 13, even if their children are older, to enable automatic content filtering. You should also use Roblox’s native parental controls to better curate the content children can access during gameplay. Likewise, you should limit voice chat to approved friends only, or turn it off altogether.
If you live in a country where Roblox is banned, you can use one of the best Roblox VPN services to bypass restrictions and let your child play the game.
Roblox can be a lot of fun and has become even more popular than Minecraft in recent years. Still, you should make sure to talk to your kids about installing extensions or other add-ons to the game that could compromise their safety.