• Solana users were being targeted on Reddit with a malicious Chrome extension called “Bull Checker.”

Solana-based decentralized exchange aggregator Jupiter has issued a warning about a malicious Chrome extension called “Bull Checker.”

Several subreddits linked to the prominent “Ethereum killer” have been specifically targeted by the fraudulent extension. 

“Bull Checker” pretends to be a rather benign read-only extension that simply allows users to check their cryptocurrencies.

However, the actual goal of this extension is to fool unsuspecting users into transferring their funds to another wallet. 

It is worth noting that “Bull Checker” can read and change all your data on a website. This should be treated as a major red flag since such an extension would not normally need this sort of permission. 

The extension was able to drain the wallets of its victims by modifying transactions from a regular dApp. Unsigned transactions get forwarded to a remote server to a drainer program. 

Earlier this year, Solana gained more popularity due to the success of meme coins. Unsurprisingly, the malicious extension was specifically targeting Reddit users who were looking to trade the aforementioned type of cryptocurrencies. 

While “Bull Checker” has now been exposed as a sham, it is likely that there are other malicious extensions that are yet to be tracked down. Hence, users should stay vigilant and uninstall all suspicious extensions (especially the ones that require extensive permission). 

Earlier this year, a malicious Aggr extension that had positive reviews on the Chrome Store managed to steal millions of dollars worth of crypto.

Beware of fake Chrome extensions!

A malicious Aggr extension with positive reviews on the Chrome Store has been stealing cookies and your funds.

Hackers could have planned this attack over 3 years ago and they target users by promoting the extension through influencers.…

— SlowMist (@SlowMist_Team) May 31, 2024