Solana-based decentralized exchange aggregator Jupiter has issued a warning about a malicious Chrome extension called "Bull Checker."
Several subreddits linked to the prominent "Ethereum killer" have been specifically targeted by the fraudulent extension.
"Bull Checker" pretends to be a rather benign read-only extension that simply allows users to check their cryptocurrencies.
However, the actual goal of this extension is to fool unsuspecting users into transferring their funds to another wallet.
It is worth noting that "Blue Checker" can read and change all your data on a website. This should be treated as a major red flag since such an extension would not normally need this sort of permission.
Godfrey BenjaminThe extension was able to drain the wallets of its victims by modifying transactions from a regular dApp. Unsigned transactions get forwarded to a remote server to a drainer program.
Earlier this year, Solana gained more popularity due to the success of meme coins. Unsurprisingly, the malicious extension was specifically targeting Reddit users who were looking to trade the aforementioned type of cryptocurrencies.
While "BlueChecker" has now been exposed as a sham, it is likely that there are other malicious extensions that are yet to be tracked down. Hence, users should stay vigilant and uninstall all suspicious extensions (especially the ones that require extensive permission).
Earlier this year, a malicious Aggr extension that had positive reviews on the Chrome Store managed to steal millions of dollars worth of crypto.
Vladislav Sopov
Valeria Blokhina