Jupiter, a decentralised exchange on Solana, has issued a warning about a malicious browser extension targeting Solana users using Google Chrome.
According to a detailed analysis by the platform's founder, going by the moniker Meow, the browser extension has been designed to drain users' funds and can even bypass Solana's simulation checks.
Solana users at risk
Dubbed "Bull checker", the extension was being promoted on the social media platform Reddit across many of its Solana-related forums. It advertised itself as a tool that allows users to view all holders of a particular memecoin.
In reality, the extension, which appears normal, could maliciously transfer user funds to a different wallet by intercepting and modifying the transaction when a user interacts with a decentralised application (Dapp).
The extension was also designed to evade detection by transaction simulation tools.
Specifically, the extension hijacks the wallet's signTransaction method and forwards the transaction to a remote server controlled by the attacker.
There, the transaction is modified to include instructions that drain funds from the user's wallet and transfer authority to the attacker.
When a user finally signs the transaction, the altered instructions are executed, which gives the attacker permission to transfer all tokens from the victim's wallet.
Meow states that the extension asks for both read and write permission from users during the installation process, adding that this was a major "red flag", as any extension claiming to do what Bull checker does would only require "read-only" permission. The founder added:
There have been reports of other drains that we have not been able to track down. If you suspect an extension contains malware, particularly if they have both "read" and "change" permissions, uninstall it immediately.
According to the analysis, this extension affected only a "small number" of users, but further details were not disclosed. Meanwhile, Jupiter has urged users to uninstall any suspicious extensions that require similar permissions. It assured its community that no vulnerabilities were discovered within any of its dapps or wallets.
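As a defender-side check on the permission red flag described above, this added example (not from Jupiter's analysis or the original article) audits Chrome extension manifests for access to every site, which Chrome presents at install time as permission to read and change data on all websites. The sample manifests and their names are constructed for illustration, and the list of all-host match patterns is an assumption covering the common forms.

```javascript
// Match patterns that cover every host: <all_urls>, *://*/*, http://*/*, https://*/*
const BROAD = /^(<all_urls>|(\*|https?):\/\/\*\/.*)$/;

// Manifest V2 mixes API names and host patterns in "permissions"; keep only host patterns.
const isHostPattern = (p) =>
  typeof p === 'string' && (p === '<all_urls>' || p.includes('://'));

function auditManifest(manifest) {
  const hosts = [
    ...(manifest.host_permissions || []),                   // Manifest V3
    ...(manifest.permissions || []).filter(isHostPattern),  // Manifest V2
  ];
  // Content scripts run inside every tab whose URL matches, dapp pages included.
  const scriptMatches = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const broadHosts = hosts.filter((h) => BROAD.test(h));
  const broadScripts = scriptMatches.filter((m) => BROAD.test(m));
  const allSites = broadHosts.length > 0 || broadScripts.length > 0;
  const anySite = hosts.length > 0 || scriptMatches.length > 0;
  return {
    name: manifest.name || '(unnamed)',
    broadHosts,
    broadScripts,
    verdict: allSites ? 'read-and-change-all-sites'
           : anySite ? 'site-scoped'
           : 'no-page-access',
  };
}

// Constructed sample manifests (not taken from any real extension).
const samples = [
  { name: 'Token Holder Viewer (constructed)', manifest_version: 3,
    permissions: ['storage'],
    content_scripts: [{ matches: ['<all_urls>'], js: ['content.js'] }] },
  { name: 'Explorer Helper (constructed)', manifest_version: 3,
    host_permissions: ['https://explorer.example/*'] },
  { name: 'Legacy Tool (constructed)', manifest_version: 2,
    permissions: ['tabs', 'https://*/*'] },
  { name: 'New Tab Theme (constructed)', manifest_version: 3,
    permissions: ['storage'] },
];

for (const report of samples.map(auditManifest)) {
  const flag = report.verdict === 'read-and-change-all-sites' ? 'REVIEW' : 'ok';
  console.log(`${flag.padEnd(7)}${report.name}: ${report.verdict}`);
}
```

To audit installed extensions, feed the function the parsed `manifest.json` of each extension in the browser profile; a tool that only needs to display token holders should come out as `site-scoped` or `no-page-access`.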
A recurring theme in crypto
This isn't the first incident in which a malicious browser extension targeted cryptocurrency users.
For instance, users of crypto hardware wallet manufacturer Ledger were targeted by a fake extension disguised as the Ledger Live app, which wallet owners use to approve transactions. The extension would require users to input their seed phrases during installation, ultimately using it to drain funds.
Earlier this year, a malicious extension was reportedly mimicking the Aggr app, which offers an array of tools for professional traders. The fake extension was designed to collect website cookies from a victim's web browsers and use them to reconstruct passwords and recovery keys, specifically targeting Binance accounts.
Attackers in the cryptocurrency space have continued to evolve, using more sophisticated tactics designed to trick victims. As previously reported by Invezz, crypto scammers were spotted using fake Zoom links to deploy malware on Windows computers, resulting in the loss of over $300,000 in funds.
The post Solana users at risk as malicious Google Chrome extension drains funds appeared first on Invezz