Solana DeFi users hit by malicious ‘Bull Checker’ extension

Jupiter’s latest report flagged a new malicious browser extension that has allegedly drained several Solana users’ wallets. After an extensive investigation, the decentralized exchange aggregator identified the extension called ‘Bull Checker’ targeting Solana-related subreddits.

Rapid action comes into play by the DEX as the reports of a small number of users using Solana DeFi got drained over the last week.

Jupiter red flags ‘Bull Checker’

Pseudonymous Jupiter founder Meow mentioned in an X post that a team headed by the platform spent long hours trying to figure out the root cause of some attacks on Solana DeFi users. They found out that ‘Bull Checker’ was targeting Reddit users on Solana and other subreddits.

The report suggests that users with this extension were interacting with dApps normally but carried the possibility of their tokens being maliciously moved to another wallet upon transaction completion. It added that no vulnerability was found in any of the dapps or wallets.

It advised the users who are still using the extension or extensions with extensive permissions out of reach to be removed immediately. The investigation found that the ‘Bull Checker’ holds permission to read and change all the data on the website. This turns out to be a potential cause.

The report highlighted that Raydium has confirmed that their affected user has the same extension installed. However, the malicious browser extension was supposed to be a read-only extension that allowed users to view the holders of meme coins. It added that there should be no need for an extension like this to read or write data on all websites. Several users continued to install and use the extension.

Meow issues advisory

Meow advised that one malicious extension has been identified for now, but there might still be other such extensions that can impact the users. More reports of drains have not been able to be tracked down. If a user suspects an extension has both read and change permissions, uninstall it immediately. Don’t fall for hype; just because something gets upvotes on Reddit doesn’t make it safe, it added.

This comes at a time when Solana based meme coins were having a hard time in the market. DogWifHat (WIF) price saw a decline of 37% in the last 30 days, and BONK price has dropped by around 40% in the same period.

Solana (SOL) and Jupiter (JUP) prices have also seen a plunge of 15% and 22% over the last month impacting its entire ecosystem. SOL is trading at an average price of $147.11, at press time. Its 24-hour trading volume is up by 10% to stand at $2.29 billion.

Source: https://www.cryptopolitan.com/solana-malicious-bull-checker-extension/