Solana-based Jupiter alerts of malicious Chrome extension draining wallets

The Jupiter exchange is warning of a malicious Chrome extension called “Bull Checker,” which it says is targeting Solana users.

The exchange’s warning comes in the wake of complaints by several Solana (SOL) decentralized finance users about having their crypto wallets drained.

In an Aug. 19 post on X, the Jupiter (JUP) team said they carried out extensive investigations into the complaints and identified the malicious browser extension.

Per the team’s post, Bull Checker has targeted members of various Solana subreddits on the Reddit social platform. The team notes that while the extension allowed for users to interact normally with decentralized applications on Solana, in several cases when users interacted with dapps, it added malicious instructions to a transaction that transferred users’ tokens to a different address.

When being installed, Bull Checker asks for permission to read and change all the data on the website, a requirement the Jupiter team said is unnecessary for a read-only extension that allows users to view meme coin holders.

This should have been a major red flag for users, but apparently, several users continued to install and use the extension.

Meow, Jupiter Exchange founder

Reddit-promoted Chrome extension targets Solana users

The extension was allegedly promoted by an anonymous Reddit user going by the pseudonym “Solana_OG,” who reportedly targeted members of different Solana subreddits looking to trade Solana meme coins and encouraged them to download the extension.

In one of their Reddit posts, Solana_OG claimed to have made $3,000 in a week by using the extension.

As of press time, the extension seemed to have been removed from the Chrome Web Store, with a notice on the link saying, “This item is not available.” Nonetheless, the Jupiter exchange team advised users to stay alert for similarly malicious extensions. The team asked members of the crypto community to be wary of extensions that ask for “read” and “change” permissions.

Jupiter also warned users to be wary of all recommendations and popular tools, as scammers may use social engineering or astroturfing, the misleading practice of disguising a coordinated online campaign as spontaneous public feedback, to win the confidence of potential victims. The project has reassured users that it found no vulnerabilities in any of the major dApps or wallets on Solana during its investigations.

Source: https://crypto.news/solana-based-jupiter-alerts-of-malicious-chrome-extension-draining-wallets/