Leading Solana-based decentralized exchange aggregator Jupiter exposes malicious Chrome extension targeting Solana users.
Dubbed Bull Checker, the malicious Chrome extension has been targeting several subreddits affiliated with Solana.
Bull Checker Extension Details
According to the announcement, Bull Checker, which appears to be a harmless and read-only extension, is designed to have extensive permission to modify website data.
Jupiter researchers uncovered the malicious extension following reports that a few users of several Solana-based decentralized applications (dApps) were exploited in a major heist.
After investigation, the researchers found that the Bull Checker extension interacted with dApps, like Jupiter and Raydium, modifying users’ transaction data to transfer funds to another wallet maliciously.
The report provided evidence of how the extension maliciously modified transaction data and diverted funds to the scammers’ wallets after the user had signed the transaction normally.
Notably, the modification usually happens when the transaction is being processed. Also, during simulation, the researchers did not find the Bull Checker extension as malicious. However, the extension becomes active during on-chain transactions to steal users’ funds.
Further investigations reveal that an anonymous Reddit account, “Solana_OG,” shared the malicious extension in the comment section of different subreddits. This Reddit account targeted users seeking to purchase Solana-based memecoins.
Safety Tips
Meanwhile, the researchers warned that there could be other malicious extensions with similar features like Blue Checker that are yet to be uncovered.
In the meantime, they warned against installing extensions with “read and change” permissions and urged users to uninstall them from their browsers. Solana users are advised to be cautious of extensions that require extensive permissions.
“Stay safe out there, and don’t install extensions that can read/write data unless you are really sure!” the announcement read.
Solana Popularity Soars Amid Memecoin Success
The development comes months after Solana gained significant traction due to the success of selected memecoins launched on the network.
Following the massive growth of dogwifhat (WIF), Bonk (BONK), Popcat (POPCAT), and Book of Meme (BOME), Solana eventually became the leading network for this cycle’s memecoins.
As more memecoins made their way to Solana, scammers also seized the opportunity to exploit unsuspecting investors. Their tactics range from rug pulling unwary investors to launching malicious extensions to cart away users’ funds.
In May, blockchain security firm SlowMist exposed a fraudulent Chrome extension Aggr that successfully stole millions of dollars worth of crypto despite boasting multiple positive reviews.
Disclaimer: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic’s opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
