ROBLOX, a popular multiplayer video game with more than 178 million registered accounts, is being targeted by cybercriminals via its chat function in an effort to siphon off millions of dollars from players.
The criminals are using an API in the chat platform Discord to steal browser cookies containing ROBLOX login credentials. The end game is stealing ROBUX (the in-game currency) and exchanging it for real cash.
According to Trend Micro research, the criminals are infecting targeted systems via a gaming forum, where the crooks have posted malware in the guise of a “cheat application” that would allow players to modify their characters and therefore gain an unfair advantage over other players. The malware waits until it detects ROBLOX on a victim’s system; once it does, it steals the user’s game account cookie.
The malware also has a Discord webhook coded into it. A webhook is a feature that allows the chat program to send a message to a specified channel or user when a certain requirement of a specified app or program is fulfilled.
The malware runs persistently on the affected system, making it possible to obtain new game account cookies whenever they’re detected—meaning that password changes are useless.
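One way to detect the hard-coded webhook traffic described above, added here as an example and not taken from the Trend Micro research: flag POSTs to Discord's webhook endpoint that come from a process other than the Discord client, and surface senders that repeat. The JSON log format, the process names and the allowlist are assumptions, and the sample events are constructed.

```python
import json
import re
from collections import defaultdict

# Discord webhook endpoint: /api[/vN]/webhooks/<id>/<token>
WEBHOOK_RE = re.compile(
    r"^https://(?:(?:canary|ptb)\.)?discord(?:app)?\.com"
    r"/api(?:/v\d+)?/webhooks/(?P<id>\d+)/(?P<token>[\w-]+)",
    re.IGNORECASE,
)
# Assumption: only the Discord client is expected to talk to Discord here.
ALLOWED_PROCESSES = {"discord.exe"}

# Constructed sample events (hypothetical EDR/proxy export, one JSON per line).
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00Z","host":"pc-7","process":"Discord.exe","method":"POST","url":"https://discord.com/api/v9/channels/111/messages"}
{"ts":"2024-01-01T10:05:00Z","host":"pc-7","process":"cheat_tool.exe","method":"POST","url":"https://discordapp.com/api/webhooks/123456789012345678/CONSTRUCTED-token_abc"}
{"ts":"2024-01-02T09:30:00Z","host":"pc-7","process":"cheat_tool.exe","method":"POST","url":"https://discordapp.com/api/webhooks/123456789012345678/CONSTRUCTED-token_abc"}
{"ts":"2024-01-02T11:00:00Z","host":"pc-9","process":"Discord.exe","method":"POST","url":"https://discord.com/api/webhooks/999/CONSTRUCTED-other"}
{"ts":"2024-01-02T11:01:00Z","host":"pc-9","process":"updater.exe","method":"GET","url":"https://discord.com/api/webhooks/999/CONSTRUCTED-other"}
"""

def find_webhook_posts(log_text, allowed=ALLOWED_PROCESSES):
    """Return {(host, process, webhook_id): [timestamps]} for suspicious POSTs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip blank or malformed lines rather than abort the scan
        if not isinstance(ev, dict) or str(ev.get("method", "")).upper() != "POST":
            continue
        m = WEBHOOK_RE.match(str(ev.get("url", "")))
        if not m:
            continue
        proc = str(ev.get("process", "")).lower()
        if proc in allowed:
            continue
        # Report the webhook id only; the token is a secret and is not stored.
        hits[(ev.get("host"), proc, m.group("id"))].append(ev.get("ts"))
    return dict(hits)

def repeat_senders(hits, min_posts=2):
    """Keys seen at least min_posts times, consistent with a persistent sender."""
    return sorted(k for k, stamps in hits.items() if len(stamps) >= min_posts)

if __name__ == "__main__":
    for (host, proc, wid), stamps in find_webhook_posts(SAMPLE_LOG).items():
        print(f"{host} {proc} -> webhook {wid}: {len(stamps)} POSTs {stamps}")
```

Matching on the process image name alone is a simplification, since a name is easy to imitate; keying the allowlist on the binary's signer or install path is more robust.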