It has been discovered back doors In two popular Chrome extensions in the Roblox community: they are called Blox search, and if one of them is clearly identifiable as a possible fake (only one review with a very low score and only 959 downloads), then the other certainly looks legit. In general, the number of installations is more than 200,000.
The news was originally released by RTC extensionwhich is an unofficial community dedicated to Roblox, people from sleeping computer. Apparently The malware can steal Roblox login credentials and steal assets on the Rolimons trading platform. It is not currently 100% confirmed, but evidence seems to indicate that the backdoor was introduced by the developer on purpose. In the case of the most common extension, the cheat code is on the third line of the content.js file, while it’s on the other line in button.js.
it is clear that The attack comes from the same source because both tokens point to the same URL. When you open the page, it looks like a buggy HTML page that attempts to display an image and fails to do so, but closer inspection reveals that the stolen data has been moved to another domain.
Turns out the guy who made “SearchBlox” (which uses UnstoppableLucent on Roblox) put the code himself into the plugin and it wasn’t a backdoor!
For this reason, it has been terminated in Roblox!
– Utiba (@UtibaOfficial) November 23, 2022
Apparently, as we said, the add-on developer was acting consciously and with determination: his Roblox account suddenly filled up with assets and resources only when the malware was activated. Roblox has terminated the account, and further legal action is expected at this point. However, anyone who has SearchBlox installed has it installed Delete the extension, delete cookies and cache, and change your passwords. In fact, the extension should have been removed from Chrome automatically because Google removed them from the Web Store.