- Compromised browser extensions pose a serious threat to cryptocurrency users.
- Several Solana users have fallen for the Bull Checker extension scam.
- Users are encouraged to use key safety technologies.
Malicious actors in the cryptocurrency industry have evolved over the past few years, becoming increasingly subtle and sophisticated in their attempts to exploit unsuspecting victims. What was once limited to overt phishing attempts and scams has now shifted to covert infiltrations, often facilitated by seemingly harmless but in fact dangerous compromised applications.
The most recent threat is a malicious Chrome browser extension that has caused significant damage to several users, calling for urgent vigilance and security measures.
What is a malicious Chrome extension?
Threat actors have been using browser extensions to gain unauthorized access to users’ funds in recent months. According to a recently published study by decentralized trading platform Jupiter, a Chrome extension called “Bull Checker” is the latest software being used to infiltrate and exploit users.
Originally designed as a tool to allow users to track memecoin holders, the extension was weaponized to gain more permissions than necessary and to read and modify website data.
These manipulations allow threat actors to access unsuspecting users’ data, make unauthorized changes, and ultimately divert funds.
How the Bull Checker Chrome Extension Scam Works
Once Bull Checker is installed, the extension remains hidden until the user interacts with a decentralized application (dApp) on the Solana blockchain. When this happens, the extension hijacks and injects malicious commands into the process, even if there are no vulnerabilities or weaknesses in the target account.
However, the transaction simulation appears normal, which means that no warnings are raised about the manipulation while the user’s tokens are being rerouted to the attacker’s wallet.
For example, in the transactions highlighted in the report, two users from Jupiter and Raydium interacted with their respective dApps separately as usual, but their funds were depleted immediately after completing the transactions. In each case, the extension tricked the users into approving seemingly legitimate transactions, resulting in the theft of their assets.
Who is targeted by the malicious Bull Checker extension?
Some Solana DeFi users have reported that their accounts have been drained in the past week. Jupiter Exchange stated that the primary target of the Bull Checker extension is cryptocurrency traders, especially those involved in memecoin trading.
An anonymous Reddit user using the alias “Solana_OG” also participated in a group promoting the extension, claiming that the goal was to trick traders into downloading it under the pretense that it was harmless.
What to do to stay safe
To avoid falling for the Bull Checker extension scam, users should take the following precautions:
- Remove suspicious extensions: Users who have installed the Bull Checker Chrome extension should remove it immediately. Users should also remove all other extensions with excessive permissions, especially those that can read and modify any website data.
- Monitor browser extension permissions: An extension like Bull Checker has no need for access to modify data on any website. Users should carefully review the permissions requested by any extension before using it.
- Be mindful of social media recommendations: The tactics involved in promoting these compromised extensions often leverage trust within the community, with users often relying on peer recommendations. Don’t blindly trust an extension because of its community support, and do your own research before using it.
- Take advantage of trusted security features: Users should adopt safety-focused wallets and applications to prevent unauthorized access by malicious actors. Jupiter Exchange highlighted that Blowfish recently introduced SafeGuard guidelines to counter simulation spoofing attacks. Solana wallet users are encouraged to use wallets that support this additional protection.
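The permission review recommended in the list above can be partly automated. The following Python is an added example, not code from Jupiter's report or from any extension: it reads the text of an extension's manifest.json and flags match patterns that cover every website, which Chrome presents as permission to read and change data on all sites. The sample manifests and their names are constructed for illustration.

```python
import json

def is_broad(pattern):
    """True if a match pattern covers every host, e.g. <all_urls> or *://*/*."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    host = rest.split("/", 1)[0]
    return sep == "://" and scheme in ("*", "http", "https") and host == "*"

def broad_host_access(manifest_text):
    """Return sorted (manifest key, pattern) pairs that grant all-site access."""
    manifest = json.loads(manifest_text)
    hits = set()
    # Manifest V2 lists host patterns under "permissions"; V3 moves them to
    # "host_permissions". Optional entries can be requested after install.
    for key in ("permissions", "host_permissions",
                "optional_permissions", "optional_host_permissions"):
        for entry in manifest.get(key, []):
            if isinstance(entry, str) and is_broad(entry):
                hits.add((key, entry))
    # Content scripts run inside every matching page and can read and rewrite it.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if is_broad(pattern):
                hits.add(("content_scripts.matches", pattern))
    return sorted(hits)

def audit(manifest_texts):
    """Map extension name -> findings for extensions with all-site access."""
    report = {}
    for text in manifest_texts:
        hits = broad_host_access(text)
        if hits:
            report[json.loads(text).get("name", "(unnamed)")] = hits
    return report

# Constructed sample manifests; not taken from any real extension.
SAMPLE_BROAD = json.dumps({
    "manifest_version": 3, "name": "Holder tracker (constructed)",
    "permissions": ["storage"], "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}]})
SAMPLE_SCOPED = json.dumps({
    "manifest_version": 3, "name": "Scoped tracker (constructed)",
    "permissions": ["storage"],
    "host_permissions": ["https://api.example.com/*"]})

if __name__ == "__main__":
    for name, hits in audit([SAMPLE_BROAD, SAMPLE_SCOPED]).items():
        print(name, hits)
```

On a real machine, the input would be the manifest.json files under the browser profile's Extensions directory. A hit is a reason to look closer rather than proof of malice, since some legitimate extensions also request all-site access.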
On the other side
- The total amount lost as a result of the Bull Checker extension scam is unknown.
- In June 2024, Chinese Binance users reported a $1 million hack caused by a malicious Chrome extension.
- A total of $573 million was lost to global cryptocurrency hacks and scams in the second quarter of 2024.
Why this matters
The malicious Bull Checker Chrome extension is another reminder of the evolving threat tactics used by malicious actors to exploit the cryptocurrency industry. As these threats become more sophisticated, it is important to understand the risks of interacting with seemingly innocuous extensions, and users must take precautions to ensure their protection.