The Jupiter exchange has issued a warning about a malicious Chrome extension called "Bull Checker," which targets Solana users. After complaints from several Solana (SOL) decentralized finance users about drained crypto wallets, Jupiter conducted extensive investigations and identified the malicious extension.
The Jupiter team’s findings were shared in an Aug. 19 post on X, revealing that Bull Checker had been targeting members of various Solana subreddits on Reddit. The browser extension allowed users to interact with decentralized applications but secretly added instructions to transfer tokens to a different address.
When installed, Bull Checker requested permissions to read and change all data on websites, which Jupiter indicated was unnecessary for a read-only extension.
This should have been a major red flag for users, but apparently, several users continued to install and use the extension.
Meow, Jupiter Exchange founder
The extension was reportedly promoted by an anonymous Reddit user named "Solana_OG," who targeted members of Solana subreddits interested in trading meme coins and encouraged them to download Bull Checker.
As of the latest reports, the extension appears to have been removed from the Chrome Web Store. However, the Jupiter exchange team advises users to stay vigilant against similar malicious extensions. Users are warned to be cautious of extensions that request excessive permissions and to be skeptical of recommendations and popular tools that might use social engineering or astroturfing.
Jupiter reassured users that no vulnerabilities were found in major Solana dApps or wallets during their investigations.
