Jupiter Finds Malicious Chrome Extension, “Bull Checker”

Crypto Exchange Jupiter has identified a malicious chrome extension, “Bull Checker” after the trading platform received complaints from users using Solana DeFi  that got drained over the last weeks.

The notorious chrome extension was found to have attacked users on many Solana-focused subreddits, and had the permission to read and change all the data on the website, as a potential cause.

Jupiter informed users saying, “Users with this extension would interact with the dApps as per normal, have the simulation show up as normal, but have the possibility of their tokens being maliciously transferred to another wallet upon transaction completion.”

The crypto platform showed two instances of how the attack was carried out, and found that malicious instructions were added to regular Jupiter and Raydium instructions. Even the next transaction was signed by the user in a regular manner. However, this time the tokens and authority was transferred to the malicious address.

Jupiter exchange finds malicious extension bullchecker in one of the instanceJupiter exchange finds malicious extension bullchecker in one of the instance
First instance of Jupiter finding Bull Checker’s Attacking Mechanism

 

Jupiter exchange fiunds malicious extension Bull Checker in two instances .Jupiter exchange fiunds malicious extension Bull Checker in two instances .
Second instance of Jupiter identifying Bull Checker’s Attacking Mechanism

As per the technical report of the attack, “Bull Checker” was publicised by an anonymous Reddit account, “Solana_OG”. The attacker specifically targeted users looking to trade memecoins, and coerced them to download the extension.

The crypto trading platform has asked users to remove any intruding extension with detailed permissions.

Jupiter added, “Note that there is no vulnerability found in any of the dapps or wallets.”

The crypto exchange teamed up with the CEO and Founder of Offside Labs to get an extensive technical report on the matter, and has also advised users about Blowfish’s latest  security feature, ‘SafeGuard’ that prevents all simulation spoofing attacks.

Also Read: Jupiter’s community vote to shape Jupuary’s future

 

Source: https://www.cryptonewsz.com/jupiter-malicious-chrome-extension-bullchecker/