Malicious Chrome extension found stealing login credentials of Roblox users


November 24, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Malicious Chrome extension found stealing login credentials of Roblox users

Chrome extension “SearchBlox” has been found to hold a malicious backdoor that can steal login credentials of Roblox users alongside digital assets on the popular trading platform Rolimons, BleepingComputer warns.

According to researchers at the technology and cybersecurity news outlet, the compromised browser extension has already been installed by over 200,000 people. When looking up the ‘SearchBlox’ extension on Chrome, researchers noted that users can find two unsafe extensions, under these IDs:

  • Blddohgncmehcepnokognejaaahehncd – with over 200,000 downloads
  • ccjalhebkdogpobnbdhfpincfeohonni – with 959 downloads
Source: BleepingComputer

The news of the backdoored Roblox plugin was announced on an unofficial Roblox Twitter page Wednesday morning, warning users to immediately change passwords to their accounts:

“Popular plug-in SearchBlox has been COMPROMISED / BACKDOORED - if you have it, your account may be at risk. Please change your passwords IF YOU HAVE IT - and credentials, so that way your account is secure again,” the Twitter account warned.

Both malicious plugins contain a backdoor that loads an obfuscated code that exfiltrates users’ Roblox credentials to another domain.

Google was also alerted to the two malicious add-ons, and the company confirmed it has removed them from its Chrome store.

"The identified malicious extensions are no longer available on the Chrome Web Store," a Google spokesperson told BleepingComputer. "The extensions are blocklisted and will be automatically removed from any user machine that previously downloaded them."

Roblox users are advised to clear their cookies and immediately change the passwords for both their Roblox and Rolimons accounts, as well as for any other accounts that were created or logged into while using the malicious browser extension.

If you struggle to remember all the online accounts created over the years, and you’re not sure whether your information was part of a data breach or leak, check out Bitdefender’s Digital Identity Protection. You can find old accounts linked to as many as 5 email addresses, manage your digital footprint and stay on top of data breaches with 24/7 alerts.

Pair your Digital Identity Protection tool with our 3-in-1 security and privacy pack to benefit from a best-in-class and award-winning antimalware solution, Premium VPN service, and cross-platform Password Manager for ultimate online security no matter where your digital habits take you.




Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like