Malicious Chrome Extension Poses Risk to Solana Users
Jupiter, Solana’s decentralized exchange, has issued a warning about a malicious browser extension targeting Solana users who use Google Chrome.
According to a detailed analysis conducted by the platform’s founder, nicknamed “Meow,” the browser extension is designed to drain users’ funds and even circumvent Solana’s spoofing controls.
Users at Risk
The extension, known as “Bull checker,” is being promoted on various Solana-related forums on the social media platform Reddit. It claims to be a tool that allows users to view all holders of a specific meme coin.
However, this seemingly normal extension can intercept and modify transactions as users interact with decentralized applications (Dapps), maliciously transferring funds from users to different wallets.
The extension is also designed to evade detection by trading simulation tools.
Specifically, the extension hijacks the wallet’s signTransaction method and forwards the transaction to a remote server controlled by the attacker. There, the transaction is modified to contain instructions to drain funds from the user’s wallet and transfer authority to the attacker.
When the user finally signs the transaction, the modified instructions are executed, giving the attacker the authority to transfer all coins from the victim’s wallet.
Meow stated that the extension requires users to grant read and write permissions during installation, highlighting this as a significant “red flag” because any extension claiming to perform Bull Checker functionality would only require “read-only” permissions. The founder added:
“There were reports of other drains, but we could not locate them. If you suspect an extension contains malware, especially if it has read and write permissions, uninstall it immediately.”
Analysts mentioned that the breach only affected “a small number” of users but did not disclose further details. Meanwhile, Jupiter urges users to uninstall any suspicious extensions that require similar permissions. The community was assured that no vulnerabilities were found in any of their dapps or wallets.
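The permission red flag described above can be checked against an extension's manifest.json before installing or keeping it. The following is an added example, not code from Jupiter or from the original article; it assumes that the "read and write permissions" correspond to host patterns covering every site (such as <all_urls>), and the sample manifests and the function names auditManifest and auditAll are constructed for illustration.

```javascript
// Added example. Assumption: the "read and write" access described in the
// article shows up in manifest.json as host patterns covering every site.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isBroad = (pattern) => BROAD.has(pattern);

function auditManifest(manifest) {
  // MV3 lists hosts under host_permissions; MV2 mixes them into permissions.
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ];
  const broadHosts = [...new Set(declared.filter(isBroad))];
  // Content scripts matching every site run inside dapp pages, which is
  // where a call such as signTransaction could be intercepted.
  const injectedScripts = (manifest.content_scripts || [])
    .filter((cs) => (cs.matches || []).some(isBroad))
    .flatMap((cs) => cs.js || []);
  const flagged = broadHosts.length > 0 || injectedScripts.length > 0;
  return { name: manifest.name, flagged, broadHosts, injectedScripts };
}

// Return only the manifests that request access to every site.
const auditAll = (manifests) =>
  manifests.map(auditManifest).filter((r) => r.flagged);

// Constructed sample manifests (not taken from any real extension).
const SAMPLES = [
  { name: "holder-viewer (constructed)", manifest_version: 3,
    permissions: ["storage"], host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }] },
  { name: "price-ticker (constructed)", manifest_version: 3,
    permissions: ["storage"], host_permissions: ["https://api.example.com/*"] },
  { name: "legacy-helper (constructed)", manifest_version: 2,
    permissions: ["tabs", "*://*/*"] },
];

for (const r of auditAll(SAMPLES)) {
  console.log(`${r.name}: hosts=${r.broadHosts.join(",")} scripts=${r.injectedScripts.join(",")}`);
}
```

A flagged result is a prompt for review rather than proof of malice, since many legitimate extensions also request access to all sites.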
Continual Threat in Cryptocurrency
This is not the first incident of malicious browser extensions targeting cryptocurrency users.
For example, users of the cryptocurrency wallet maker Ledger were attacked by a fake extension disguised as the Ledger Live app, which wallet owners use to approve transactions. The extension required users to input an initial passphrase during installation and eventually used it to drain their funds.
Earlier this year, a malicious extension was reported to mimic the Aggr app, which provides various tools for professional traders. The fake extension is designed to gather website cookies from the victim’s web browser and use them to reconstruct passwords and recovery keys, specifically targeting Binance accounts.
Attackers in the cryptocurrency space are continuously evolving and using more sophisticated tactics to deceive their victims. As previously reported by Invezz, cryptocurrency scammers were found to be using fake Zoom links to deploy malware on Windows computers, resulting in losses of over $300,000.
The post Solana users are at risk as a malicious Google Chrome extension drains funds first appeared on Invezz.