Bypassing security cameras, Decentralized Exchange aggregator Jupiter has discovered a new malicious browser plugin called “Bull Checker,” which has already empty the wallets of many Solana users.
Jupiter creator Meow reported in an Aug. 20 research article that Reddit was advertising the “Bull Checker” plugin, accessible on Google Chrome, as a tool to examine all holders of certain memcoeins. Actually, however, it was meant to employ transaction modification to pilfers money from users’ wallets.
Jupiter said in an Aug. 19 message on X, “if you have this extension (or similar extensions with extensive permissions you cannot trust), please remove it immediately.”
Stealthy Attack Techniques and Community Warning
While users are interacting with approved distributed apps (DApps) on official domains, the Bull Checker addon might pass Solana simulated tests and show normal appearance. Once a transaction started, the extension changed it to fraudulently transfer tokens to another wallet while still showing the user a regular simulated outcome.
Meow clarified that the requested “read and write” data access for the extension should have raised concerns as actual wallet-checking extensions usually need “read-only” rights. Several consumers sadly installed and utilized the plugin, which resulted in financial theft.
Jupiter underlined that throughout their analysis the main Solana DApps or wallets showed no weaknesses. But this finding follows previous major security lapses in the Solana ecosystem, including a $1 million Cypher Protocol hack earlier this month.
To prevent being victim to these attacks, users are advised to use vigilance and confirm the validity of browser extensions, particularly those claiming significant rights.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.