This underground marketplace forum is a hotspot for Roblox hacks, where users even trade ROBUX (the in-game currency of Roblox) for other work or products. Searching for the terms CRM5 or bgWork.js lead right back to the forum. ZIP file contains a file named bgWork.js. We obtained samples of this bot using the following file names: ROBLOX BOT.zip, Crm5extension.crx, Roblox Enhancer.crx, and DankTrades.zip. Roblox Trade Bot being sold on the "Dream Market" underground marketplace (Click to enlarge) We learned this particular Chrome extension was, in fact, for sale on the Dream Market underground marketplace for only 99 cents:įigure 1. The stolen information is sent via Discord, but this could also be configured to use other chat platforms. While it currently only targets Roblox users, the same technique can be used to steal cookies from any website. Since then, we’ve noticed another attack going after the same information, only this time it is via Chrome extensions (CRX files). We recently discussed how cyber criminals are using the popular voice/chat client Discord to steal cookies from the running Roblox process on a Windows PC.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |