According to Cointelegraph: A new malicious browser extension called "Bull Checker" has been identified, targeting Solana users and successfully bypassing the platform’s drainer checks. The decentralized exchange aggregator Jupiter issued a warning on August 20, alerting users to this threat, which has already compromised several wallets.
The "Bull Checker" extension, which posed as a tool to help users view the holders of specific meme coins, was advertised on Reddit, primarily targeting Solana users. According to a research post by Jupiter’s pseudonymous founder, Meow, the extension was able to pass Solana’s simulation checks and present itself as a legitimate tool. However, once installed, it would modify transactions without detection, allowing it to drain funds from users' wallets.
The extension asked users to grant it permission to "read and write" data, a significant red flag, since legitimate wallet-checking extensions typically require only "read-only" permissions. Despite this, several users installed and used the extension and lost their assets.
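The permission red flag described above can be checked before installing by reading the extension's manifest. The following is an added example, not code from Cointelegraph, Jupiter or the extension itself. It assumes a Chromium-style `manifest.json`; the function names and both sample manifests are constructed for illustration.

```javascript
// Host patterns that let an extension read and change data on every website.
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function isBroad(pattern) {
  return typeof pattern === "string" && BROAD_PATTERNS.has(pattern);
}

// Returns every manifest entry that grants read-and-write access to all sites.
function auditManifest(manifest) {
  const findings = [];
  // Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
  for (const field of ["permissions", "host_permissions", "optional_host_permissions"]) {
    for (const p of manifest[field] || []) {
      if (isBroad(p)) findings.push({ field, value: p });
    }
  }
  // Content scripts that match every page run inside every site the user visits,
  // including DApp pages where transactions are built.
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const m of cs.matches || []) {
      if (isBroad(m)) findings.push({ field: `content_scripts[${i}].matches`, value: m });
    }
  });
  return {
    name: manifest.name || "(unnamed)",
    readWriteAllSites: findings.length > 0,
    findings,
  };
}

// Constructed sample: a "holder viewer" that asks for far more than it needs.
const SAMPLE_BROAD = {
  manifest_version: 3,
  name: "Constructed holder viewer",
  permissions: ["storage"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://*/*"], js: ["inject.js"] }],
};

// Constructed sample: a viewer scoped to a single data API.
const SAMPLE_NARROW = {
  manifest_version: 3,
  name: "Constructed read-only viewer",
  permissions: ["storage"],
  host_permissions: ["https://api.example.com/*"],
};

for (const m of [SAMPLE_BROAD, SAMPLE_NARROW]) {
  const r = auditManifest(m);
  console.log(`${r.name}: readWriteAllSites=${r.readWriteAllSites}`, r.findings);
}
```

A clean result only means the manifest does not request site-wide access; it says nothing about what the extension does on the hosts it is allowed to touch.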
Meow explained that the extension would wait until a user interacted with a legitimate decentralized application (DApp) before modifying the transaction to redirect funds. This modification would not be flagged by the simulation checks, making it difficult for users to detect the malicious activity.
One Reddit user promoting the "Bull Checker" extension claimed to have made $3,000 using the tool, though no further details were provided.
Jupiter reassured the community that their investigation found no vulnerabilities in the major DApps or wallets on the Solana network, emphasizing that the threat was confined to the malicious extension itself.
This discovery follows closely on the heels of other recent security breaches within the Solana ecosystem, including the halting of Cypher Protocol’s smart contract system after a $1 million exploit. Additionally, on July 8, Matthias Mende, co-founder of the Dubai Blockchain Center, reported losing over $100,000 in Solana from his Phantom Wallet after participating in a memecoin pre-sale event.
Users are urged to remain vigilant and remove any suspicious extensions, such as "Bull Checker," to safeguard their assets.