Malicous Chrome Extensions Stealing Roblox In-Game Currency [source: trendmicro]
by CIRT Team
Recently, we discussed how cyber criminals are using the popular voice/chat client Discord to steal cookies from the running Roblox process on a Windows PC. Since then, we’ve noticed another attack going after the same information, only this time it is via Chrome extensions (CRX files).
While currently it is targeting only Roblox users, the same technique can be used to steal cookies from any website. The stolen information is sent via Discord, but this also could be configured to use other chat platforms. We learned this particular Chrome extension was, in fact, for sale on the Dream Market underground marketplace for only 99 cents.
For more detail, click here.