The latest high-profile heist of valuable digital currency has nothing to do with Bitcoin or Ethereum. Nope, this time thieves are stealing currency and assets from Roblox players. Roblox is a massively popular kids’ game platform that has a disturbing amount of real money trading hands, and it’s become the target of a series of Chrome extensions hiding malware.
According to BleepingComputer, at least two extensions posted to the official Chrome Web Store were fronts for a backdoor program that gathers a Roblox player’s user info and potentially makes them a target for hacking, especially if they’re also a user of the third-party Rolimons.com currency trading system.
The “SearchBlox” extensions claim to allow you to search quickly for other users, and were apparently legitimate at some point, but have been compromised within the last month. While one of the extensions has been downloaded fewer than a thousand times, the other has more than 200,000 installations. There’s circumstantial evidence that one or more people are stealing Roblox currency with the data gathered by the hidden backdoor.
At the time of writing, both “SearchBlox” extensions are still live in the Chrome Web Store, with the primary listing enjoying a “Featured” badge. This, despite the fact that Google culled similar compromised extensions just last month.
As always, be wary of third-party browser extensions, and check their updates to make sure they haven’t been “injected” with unnecessary or malicious code. And on a bit of a tangent, if you’re letting your children play Roblox, you might want to take a closer look at its monetization and labor issues — Minecraft might be a better kid-friendly choice.