Malicious project logging stolen account data


#1

I’m a user on the popular game platform Roblox.com, and I recently noticed a wave of messages on the platform about a new extension regarding the platform that would help around the website, etc.

However, I went to this extension and checked its code (I’m paranoid with account theft) and sure enough, the extension was grabbing cookie data and sending it to a project hosted on Glitch to log. I feel that this project should be removed and the creator should be suspended, as I almost lost my account on a separate site, and this project is clearly malicious.

MALICIOUS PROJECT NAME: https://rbxanalytics.glitch.me
MALICIOUS CHROME EXTENSION: https://chrome.google.com/webstore/detail/rocksplus/gnaioifmkdcdodbdcfkpiamniiepehfm/reviews

The project is private so I cannot see its code, but I can confirm it has a logging section in its code that is being used by the extension.

There may even be more projects that do the same thing, I’m not sure, though.


#2

Thanks for the heads up! I’ve suspended the project.


#3

I am the owner of that project and that is NOT what that function is used for.

That is to be able to confirm the whitelist, as some whitelists are temporary.


#5

Hi Tim, I’m an administrator for this rbxanalytics.glitch.me project. We sell licenses to people in order to use our features and APIs and this particular user abused the mechanics for his Chrome extension. His license has been suspended and he is no longer welcome to use our features. We ask that you don’t punish all our users for the mistakes of one. He has been removed from our member base and we ask that you may return our services for rbxanalytics.glitch.me.

Let me know if you have any questions, comments or concerns.

-Jaden W


#6

I reenabled the project.

I don’t agree that a site shouldn’t be allowed to send any cookies to Glitch. Normally a site won’t be able to access cookies that belong to another domain, so the only cookies it could send are cookies that belong to it anyway. The reason the extension code can do that in this case is because it has been installed as an extension, so it has special privileges.

@pancake, if you see this extension come back, or any others like it, please let us know and we’ll shut them down. Thanks for the help!
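
The privilege difference described in post #6, shown as an added example that is not part of the original thread or of any code from the extension or project discussed: a small Node.js audit that reads an extension's `manifest.json` and reports whether it can reach a given site's cookies. The function names and the sample manifest are constructed for illustration.

```javascript
// Does a Chrome match pattern's host part cover `host`?
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false; // plain API permissions such as "storage" land here
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === patHost;
}

// List the ways an extension with this manifest can reach cookies set by `host`.
function auditManifest(manifest, host) {
  const perms = manifest.permissions || [];
  // MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
  const covering = perms.concat(manifest.host_permissions || [])
    .filter((p) => patternCoversHost(p, host));
  const findings = [];
  if (perms.includes("cookies") && covering.length > 0) {
    findings.push({ risk: "cookies-api", via: covering,
      detail: "chrome.cookies can read this site's cookies, HttpOnly ones included" });
  }
  for (const cs of manifest.content_scripts || []) {
    const hits = (cs.matches || []).filter((p) => patternCoversHost(p, host));
    if (hits.length > 0) {
      findings.push({ risk: "content-script", via: hits,
        detail: "injected script can read document.cookie (non-HttpOnly cookies)" });
    }
  }
  return findings;
}

// Constructed sample manifest, not taken from the extension named in the thread.
const sampleManifest = {
  manifest_version: 2,
  permissions: ["cookies", "storage", "*://*.roblox.com/*"],
  content_scripts: [{ matches: ["https://www.roblox.com/*"], js: ["content.js"] }],
};

for (const f of auditManifest(sampleManifest, "www.roblox.com")) {
  console.log(`${f.risk}: ${f.detail} [${f.via.join(", ")}]`);
}
```

An empty result means the manifest grants no declared path to that site's cookies; it does not vouch for what the extension does with the permissions it does hold.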


#7

Sure thing! I also reported the extension to Google and it has been taken down accordingly. Thanks for all your help, and sorry for the confusion with the purpose of the project originally.