SearchBlox malware refers to a legitimate extension that was found to have a backdoor that could allow malicious actors to obtain your Roblox (an online game platform) credentials and assets. The extension is advertised as a tool that allows users to search Roblox servers for specific players. The extension was available for download from the Chrome Web Store, with downloads estimated to be at least 200,000.


SearchBlox malware


SearchBlox is promoted as an extension that allows Roblox users to find specific players in Roblox servers. Roblox is an online game platform that allows users to play games, as well as create them for other users to play. It’s quite a popular platform with millions of users. Therefore, an extension like SearchBlox would also be popular among users.

The malicious SearchBlox extension has been uploaded to and removed from the Chrome Web Store multiple times. The most recently uploaded version has been downloaded more than 200,000 times. When users install the extension, it requests permission to access data on Roblox websites. It has also been noted to sometimes request access to data on all visited sites. The extension is essentially trying to steal the login credentials of Roblox accounts. In addition, it targets credentials for Rolimon’s accounts. Rolimon’s is a trading platform for Roblox users. Stolen account credentials could result in financial loss because Roblox assets can be sold for real currency.
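The permission requests described above can be checked on disk by reading each installed extension's `manifest.json`. The following is an added example, not code from the extension or from this article's author: it flags any extension whose host permissions or content scripts cover roblox.com, rolimons.com, or every site. The sample manifests are constructed, and the directory passed to `scan_extensions_dir` is assumed to be a Chrome profile's `Extensions` folder.

```python
import json
from pathlib import Path

WATCHED = ("roblox.com", "rolimons.com")  # sites named in the article
HOST_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")

def host_patterns(manifest):
    """Collect match patterns from Manifest V2 and V3 fields."""
    pats = [p for k in HOST_KEYS for p in manifest.get(k, [])
            if isinstance(p, str) and (p == "<all_urls>" or "://" in p)]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def classify(pattern):
    """Return 'all-sites', a watched domain, or None for one match pattern."""
    if pattern == "<all_urls>":
        return "all-sites"
    host = pattern.split("://", 1)[-1].split("/", 1)[0]
    if host == "*":
        return "all-sites"
    if host.startswith("*."):
        host = host[2:]
    for domain in WATCHED:
        # Exact domain or a subdomain; lookalikes such as notroblox.com do not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def audit(manifest):
    """Sorted list of sensitive scopes the extension can read."""
    return sorted({c for c in map(classify, host_patterns(manifest)) if c})

def scan_extensions_dir(ext_dir):
    """Audit every <id>/<version>/manifest.json under an Extensions folder."""
    report = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):
        findings = audit(json.loads(path.read_text(encoding="utf-8-sig")))
        if findings:
            report[path.parts[-3]] = findings  # key is the extension ID directory
    return report

# Constructed sample manifests (not taken from the real extension).
SAMPLES = {
    "server-finder": {"manifest_version": 3, "host_permissions": [
        "https://*.roblox.com/*", "https://www.rolimons.com/*"]},
    "broad-mv2": {"manifest_version": 2, "permissions": ["storage", "<all_urls>"]},
    "benign": {"manifest_version": 3, "permissions": ["storage"],
               "content_scripts": [{"matches": ["https://example.org/*"]}]},
}
```

A flagged extension is not necessarily malicious; the result is a shortlist of extensions that are able to read pages on those sites and deserve a closer look.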

The stolen credentials would likely be sold on a hacker forum for other malicious actors to buy. If you are a Roblox user and have installed the extension, you need to change your passwords immediately to stop your account from being potentially hijacked and your assets stolen.

Unfortunately, because this extension was available on the Chrome Web Store and appeared to be safe until Roblox users raised the alarm, there’s not much you could have done to avoid it if you did install it.

How is SearchBlox malware distributed?

SearchBlox is technically a legitimate extension, so it is available on the Chrome Web Store. However, the version that can be downloaded from the web store has been found to contain malicious code. Whether the extension was made malicious by its developers or by some other malicious actors is not clear, but whatever the case may be, users who downloaded the extension ended up with malware. It appears that the malicious extension has been downloaded more than 200,000 times from the Chrome Web Store. The fact that it was available on a legitimate and trusted download site allowed the malicious extension to spread much more widely than it would have otherwise.

It also appears that this is not the first time the SearchBlox extension has been made malicious. A couple of months ago, Google took down another SearchBlox extension that had been available for at least 4 months.

It’s generally recommended to only download programs/extensions from trusted sources, such as the Chrome Web Store, in order to prevent infections. However, evidently, such sites are not perfectly safe and can be used to distribute malware. Malicious actors come up with all kinds of methods to bypass security measures employed by legitimate download sources like Chrome Web Store. They are sometimes successful and their malicious extensions can stay up for months. But while it will not necessarily help in all cases, it’s recommended to always research programs/extensions prior to installing them, even if you’re downloading them from a legitimate store. You should look into the developer, read reviews, and use a search engine to see whether there are any sites classifying the extension/program as malicious. Taking the time to do some research can help save you a lot of time and trouble.

Other malware distribution methods include torrents and email attachments. Users with bad online habits are much more likely to infect their computers with malware because they tend to engage in risky online behavior more often. For example, if you open unsolicited email attachments or download random torrents, you will come across malware sooner or later. Taking the time to develop better online habits is highly recommended.

It’s important to learn to recognize malicious emails because opening them could lead to an infection. Although the efforts are generally quite poor, malicious emails are occasionally disguised to look as though they were sent by legitimate companies. One of the most obvious signs that an email may be malicious is grammar and spelling mistakes in emails that are supposed to be sent by legitimate businesses (such as banks, parcel delivery services, etc.). For example, if an email purports to be from a parcel delivery service but has multiple obvious grammar and spelling mistakes, it is almost certainly malicious. Legitimate companies will take great care to minimize spelling and grammar errors because they give the impression that an email is not written professionally.

Another red flag is when someone addresses you using generic language like “User”, “Member”, or “Customer” when they should know your name. When emailing customers, companies insert the customer’s name to make the emails appear more personal.

It’s important to also mention that some malicious campaigns that target a particular person may be substantially more sophisticated. Cybercriminals can make their malicious emails look considerably more convincing if they have access to the target’s personal information. For instance, the target may receive a mistake-free email that uses their name to address them and contains other details that lend the email credibility. For this reason, it is typically recommended to scan email attachments with an anti-virus program or at the very least VirusTotal before opening them.

Finally, torrents can also be used to spread malware. It is common knowledge that torrent sites have a large number of malicious torrents. Since torrent sites are frequently not well-moderated, malicious actors have no trouble posting torrents with malware in them. In particular, torrents for entertainment content (movies, TV series, video games, etc.) often have malware in them.

SearchBlox malware removal

SearchBlox malware has since been removed from the Chrome Web Store. It’s also been blacklisted and should be automatically removed from all computers that have it installed. If you have downloaded the extension, you should urgently change your Roblox password, as the malware was likely after login credentials.
