With millions of daily active users, the popular online game platform and game creation system Roblox is frequently targeted by hackers and other cybercriminals looking to exploit its popularity.
to that end, a Chrome browser extension named ‘SearchBlox’ is currently being used to create a backdoor on systems, according to a new report from BleepingComputer (opens in new tab). When installed, the extension helps steal Roblox credentials as well as items on the Roblox trading platform Rolimons.
So far, the two malicious extensions on the Chrome Web Store named SearchBlox have been installed by more than 200,000 Roblox players. While it’s not clear whether the developer of these two extensions added the backdoor intentionally or if another threat actor did, BleepingComputer did manage to analyze their code and find the backdoor.
Remove these Chrome extensions now
At the time of writing, both SearchBlox extensions developed by TheM2 have been blocked by admin on the Chrome Web Store, which means that additional Roblox players won’t be able to download them. Still, if you downloaded either extension or your children did, you will need to manually remove them from Chrome.
To do so, click on the three dots menu in Chrome, scroll down to More tools and click on Extensions. Here you’ll see all of the extensions installed in your browser, a toggle to enable or disable them and a button that says Remove. Click on Remove to uninstall the SearchBlox extension from your browser.
The two SearchBlox extensions found on the Chrome Web Store add a player search box to your page that can let you search the game’s servers for other players. Although they have different icons, the extensions were both created by the same developer and have the exact same description.
Surprisingly though, the first extension was actually featured on the Chrome Web Store despite its three star rating. From the comments on its review page, Roblox players seemed quite happy with the extension before the backdoor was suddenly added, which suggests that a hacker was responsible and not its developer TheM2.
According to a tweet (opens in new tab) from RTC, the SearchBlox extension was compromised and then a backdoor was added early in the morning on Wednesday November 23. The unofficial Roblox news and community account also recommended that players should change their passwords if they have the extension installed.
⚠️ WARNING ⚠️Popular plug-in SearchBlox has been COMPROMISED / BACKDOORED - if you have it, your account may be at risk. Please change your passwords IF YOU HAVE IT - and credentials, so that way your account is secure again. pic.twitter.com/DVQpiZ9Pr0November 23, 2022
It’s worth noting that Google took down another malicious SearchBlox extension back in June of this year as it allowed Roblox players to join anyone’s server according to RTC (opens in new tab).
How to play Roblox safely and protect your account online
Besides changing your Roblox password and uninstalling the SearchBlox extension, any users that downloaded the extension should also clear their cookies in Chrome. At the same time, you should probably change your passwords for any other websites that may have logged in while the backdoor was present in the extension.
For parents that want to ensure their children are safe while playing Roblox, the parental control app Qustodio recommends in a blog post (opens in new tab) that parents set the birthdate to under 13 even if their kids are older to activate automatic content filtering. You should also use Roblox’s native parental controls to better curate the content kids can access while playing the game. Likewise, you should restrict voice chat to only approved friends or turn it off entirely.
If you live in a country where Roblox is banned, you can use one of the best Roblox VPN services to get around any restrictions and let your child play the game.
Roblox can be a lot of fun, and in recent years, it’s actually become more popular than Minecraft. Still, you'll want to make sure you have a talk with your children about installing extensions or other add-ons to the game which could put their security at risk.