The recent emergence of a new malicious browser extension called the “Bull Checker” has raised significant concerns within the Solana community on Reddit. Targeting users under the guise of a meme coin tracker, this extension has managed to avoid detection systems and drain the wallets of unsuspecting Solana users.
Reports from Jupiter’s pseudonymous founder, Meow, revealed that several Solana DeFi users fell victim to unauthorized token drains caused by the “Bull Checker” extension. Further investigation with partners led to the discovery that the extension was specifically targeting users on various Solana-related subreddits. Although the extension appeared innocuous, allowing users to interact with dApps normally, it secretly transferred tokens to unauthorized wallets without their knowledge.
One concerning aspect of the “Bull Checker” extension was the extensive permissions it required from users upon installation. While the extension was designed as a read-only tool for displaying meme coin holders, it demanded permission to read and write data on all websites. This should have raised red flags for users, signaling a potential threat to their security.
Once installed, the “Bull Checker” extension laid dormant until a user engaged with a standard dApp on its official domain. At that point, the extension would modify the transaction before it was signed by the user’s wallet, making the unauthorized transfer appear normal. This deceptive tactic disguised the extension’s true intent as a drainer, allowing it to siphon tokens without detection.
Further investigation by Jupiter’s founder revealed that the malicious extension was promoted by an anonymous Reddit account named “Solana_OG.” This account targeted users interested in trading meme coins, enticing them to download the extension under false pretenses. This highlights the dangers of trusting recommendations on platforms like Reddit without exercising caution and skepticism.
The “Bull Checker” incident serves as a stark reminder of the risks posed by malicious browser extensions. Users must be vigilant and skeptical when encountering recommendations, especially on social media platforms where bad actors can easily manipulate public perception. By exercising caution and avoiding extensions that request extensive permissions, users can mitigate the threat of falling victim to similar attacks in the future.