Customers at Roblox, the popular online game platform, are being targeted via malicious Google Chrome browser extension that attempts to siphon their passwords and private data.
Threat analysts at Bleeping Computer uncovered two separate chrome extensions called SearchBlox, with more than 200,000 downloads, containing a backdoor that allow the hackers to steal users’ Roblox credentials and their Rolimons assets.
It remains unclear clear whether the designer of these two extensions added the backdoor intentionally or if another hacker did, however, threat analysts were able to analyze their code and find the backdoor.
The malicious extensions identified on the Chrome Web Store add a player search box to the users’ page that allows it to scan the game’s servers for other players. Although they have different icons, the extensions were both designed by the same developer and have identical descriptions.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: