BTC $51524.6928
ETH $3102.2833
BNB $384.2776
SOL $103.2311
XRP $0.5405
ADA $0.5849
AVAX $36.9511
TRX $0.1377
DOGE $0.0856
wstETH $3587.3896
LINK $18.6494
DOT $7.8438
WETH $3100.0078
UNI $11.0945
MATIC $0.9971
WBTC $51554.8458
IMX $3.3401
ICP $12.4013
LTC $70.0025
BCH $266.3236
CAKE $3.1426
FIL $8.1456
ETC $27.0947
RNDR $7.2587
DAI $1.0009
KAS $0.1676
HBAR $0.1071
ATOM $10.3461
INJ $35.4309
VET $0.0467
TON $2.0697
OKB $50.3127
FDUSD $0.9994
LDO $3.3633
GRT $0.3004
ARB $1.8920
XMR $128.8577
TIA $16.5811
XLM $0.1156
STX $2.5143
ENS $22.4126
NEAR $3.6605
APEX $2.4601
WEMIX $2.0774
MKR $2060.5410
BEAM $0.0332
MNT $0.8950
BTC $51524.6928
ETH $3102.2833
BNB $384.2776
SOL $103.2311
XRP $0.5405
ADA $0.5849
AVAX $36.9511
TRX $0.1377
DOGE $0.0856
wstETH $3587.3896
LINK $18.6494
DOT $7.8438
WETH $3100.0078
UNI $11.0945
MATIC $0.9971
WBTC $51554.8458
IMX $3.3401
ICP $12.4013
LTC $70.0025
BCH $266.3236
CAKE $3.1426
FIL $8.1456
ETC $27.0947
RNDR $7.2587
DAI $1.0009
KAS $0.1676
HBAR $0.1071
ATOM $10.3461
INJ $35.4309
VET $0.0467
TON $2.0697
OKB $50.3127
FDUSD $0.9994
LDO $3.3633
GRT $0.3004
ARB $1.8920
XMR $128.8577
TIA $16.5811
XLM $0.1156
STX $2.5143
ENS $22.4126
NEAR $3.6605
APEX $2.4601
WEMIX $2.0774
MKR $2060.5410
BEAM $0.0332
MNT $0.8950
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Roblox attracts not only children, but also cybercriminals


    Google Chrome extensions for Roblox contain a backdoor. More than 200 thousand players are under threat.

    BleepingComputer researchers have discovered that the "SearchBlox" Chrome browser extension, installed over 200,000 times, contains a backdoor that can steal Roblox credentials as well as assets on the Roblox Rolimons trading platform. According to experts, the backdoor was introduced either by the developer himself or during a compromise.

    There are two search results for "SearchBlox" in Chrome. According to the description, these extensions allow you to "search Roblox servers for the right player instantly." Researchers' analysis showed that they both contain a backdoor

    For the second extension, with only 959 downloads, the backdoor was in the "button.js" file. The malicious URL looks like this: "hxxps://searchblox[.]website/image.png/image.txt". The page contains HTML that pretends to display an image, but instead loads obfuscated JavaScript.

    When decoded, the code exfilters the Roblox credentials to another domain: "releasethen.site".

    Of note, "searchblox.site" and "releasethen.site" were registered in November on the same Hostinger web host. The code is also intended to view the player's profile on Rolimons.

    As to whether the backdoor was introduced into the extension after being compromised by an attacker, or deliberately introduced by the developer, this remains to be determined in an authoritative manner.

    Some Roblox players noticed that the inventory of user "Unstoppablelucent", allegedly the developer of the extension, increased overnight, and the account of user Rolimons under the nickname "ccfont" was deleted on November 23 due to "suspicious inventory transactions".

    BleepingComputer has notified Google of malicious extensions. A Google spokesperson confirmed that these extensions have been removed and will be automatically removed from the computers on which they were installed.

    Author DeepWeb
    The elusive SharkBot again swam into the still waters Google Play
    Unit221b secretly helped victims of zeppelin ransomware for 2 years

    Comments 0

    Add comment