Solana Users Targeted by Malicious Chrome Extension

Jupiter, a Solana-based DEX aggregator, has issued an urgent alert to its users about a malicious Chrome extension targeting DeFi users on the Solana network.

The “Bull Checker” extension targets the Solana DeFi community by intercepting transactions and stealing SOL tokens.

Solana Users Targeted by Malicious Chrome Extension

The malicious extension transfers tokens to another wallet without the user’s knowledge once a transaction is completed. Jupiter DEX strongly recommends users remove the extension immediately and avoid installing add-ons from unverified sources.

According to an official analysis shared via its X (formerly Twitter) account, Jupiter confirmed that the “Bull Checker” extension poses a serious threat to Solana users. The team has highlighted the need for heightened security measures when interacting with Solana-based applications and advises enabling all possible security layers.

“After extensive investigation, we have identified a malicious Chrome extension called ‘Bull Checker’ that had targeted users on several Solana-related subreddits. Users with this extension would interact with the dApps as per normal, have the simulation show up as normal, but have the possibility of their tokens being maliciously transferred to another wallet upon transaction completion,” Jupiter team explained.

Read more: 15 Most Common Crypto Scams To Look Out For

Jupiter DEX clarified that there are no vulnerabilities in its wallets or DApps. To illustrate how the malware operates, the platform shared examples of transactions affected by the attack (e.g., 5UMuc…..q2pZjr).

“In both cases, malicious instructions were added to regular Jupiter and Raydium instructions, and the resulting transaction was signed by the user as per normal, but had their tokens and authority transferred to the malicious address,” the team added.

Additionally, the team revealed that the malware was promoted by an anonymous Reddit user, “Solana_OG,” who specifically targeted meme coin investors. Earlier this year, Solana’s popularity surged due to the success of meme-inspired assets. Capitalizing on this trend, the malicious browser extension targeted Reddit users interested in trading these cryptocurrencies.

Read more: How to Buy Solana Meme Coins: A Step-By-Step Guide

Although “Bull Checker” has been exposed as a scam, other harmful extensions may still be undetected. Solana users should remain cautious and uninstall any suspicious extensions.