Roblox is a popular online gaming platform primarily aimed at younger players. It allows them to explore a variety of worlds, while creating their own programs for others to experience. Players can even choose to download third-party browser extensions that provide quality-of-life enhancements, such as more customization and trading options. However, one such extension known as “SearchBlox” has come under fire for its shady features.
Unlike most security breaches, the blame for this Roblox hack falls exclusively on players. “SearchBlox” never actually infiltrated the game’s servers; the questionable Google Chrome extension only accessed individual Roblox accounts whose owners willingly gave it that access. The program is a warning to all users who are quick to grant every permission a third-party application asks for.
The Shady Roblox ‘SearchBlox’ Extension
SearchBlox is a browser extension supposedly designed to let players search Roblox servers for other players and even join the server they are on. Many players dislike the application because it lets overzealous children disrupt a content creator’s stream on Roblox. The extension and any copies of it have since been deleted from the Chrome Web Store, but not before it was installed over 200,000 times according to BleepingComputer, meaning the third party responsible for the extension potentially gained access to hundreds of thousands of Roblox accounts.
User Roblox_RTC on Twitter, a popular source for Roblox news, warned players to remove the extension and change their account security details on Roblox. The post reports that the extension may have been backdoored, meaning the code contains an unscrupulous way to gain access to an otherwise protected system, in this case the user’s Roblox account credentials. Other users went out of their way to download the extension and find the exact location of the backdoor, leaving no room for doubt that SearchBlox is a malicious program.
It seems this wasn’t even the first time the SearchBlox extension was removed from the Chrome Web Store. It was already available in June 2022, but was removed in October. Some time later, the extension went up again before it was removed once more in November. While SearchBlox was up, many Roblox users reported that they had lost their in-game currency called Robux.
According to Roblox user UtibaOfficial, the extension started as a typical quality-of-life application without any backdoor in the code. However, it is believed that after the extension received over 200,000 views, the developer purposefully added malicious code so that they could hack into more Roblox accounts.
Two accounts believed to be linked to the hack are Unstoppablelucent and ccfont on Roblox, but both have since been terminated from the game. However, a new user named unstoppablelucents has an About section that reads: “My protagonist got banned from Unstoppablelucent for hacking people.” It’s unclear if this is the original user, but if it is, it doesn’t bode well for Roblox players who think the problem is solved.
All in all, this hacking fiasco shows that people need to be careful about the third-party apps they use. Although many of these extensions provide useful features and can make browsing easier, they still have significant access to the user’s personal details, such as browsing data and certain credentials. Things can turn out much worse if the developer of an application decides to hack into its user base, much like what happened with SearchBlox.
Roblox is now available for mobile, PC and Xbox Series X/S.
Source: BleepingComputer