Bull Checker Extension Pilfers Meme Tokens from Users

The Jupiter team has uncovered a malicious Chrome extension, Bull Checker, aimed at stealing assets on the Solana network.

Identification Of Malicious Extension
Over the last week, we received reports that a small number of users using Solana DeFi got drained.

After extensive investigation, we have identified a malicious Chrome extension called “Bull Checker” that had targeted users on several… pic.twitter.com/pubayfmD9h

— Jupiter ? (@JupiterExchange) August 19, 2024

The developers received several complaints from users of various DeFi services about their wallets being drained. According to the investigation, each affected user had installed the Bull Checker extension, which marketed itself as a portfolio tracker for meme tokens.

Links for downloading it were shared in several Solana blockchain-related subreddits. Once installed, Bull Checker requested permission to read and change all data on the site.

Thus, malicious scripts were added to the standard instructions of dapps, and after the user signed a transaction, their tokens and credentials were transferred to the attacker’s address. The primary targets were meme coin traders.

Jupiter experts emphasized that they found no vulnerabilities directly in the applications or wallets.

They urged users to remove browser extensions that request extensive permissions.

Earlier, researchers at Elastic Security Labs discovered new malware, Banshee Stealer, targeting crypto wallets and over a hundred extensions across nine browsers.