Cybersecurity Threats: Malicious Chrome Extension Targets Solana Users

Published: November 26, 2025
Category: Business & Finance

Full Transcript

Cybersecurity researchers have recently uncovered a malicious Chrome extension named Crypto Copilot, targeting Solana users by injecting hidden transfer fees into transactions. According to a report by Socket security researcher Kush Pandya, this extension was first published on May 7, 2024, by a user identified as sjclark76.

Despite having only twelve installs, the extension remains available for download. It deceptively claims to facilitate crypto trading directly on X, providing real-time insights and seamless execution.

However, behind this facade, the extension manipulates swap transactions on the Raydium decentralized exchange, which operates on the Solana blockchain. The malicious code is obfuscated and activates when the user performs a Raydium swap.

This code appends a hidden SystemProgram.transfer instruction to each swap transaction before the user’s signature is requested. As a result, it siphons a minimum of 0.0013 SOL, or 0.05 percent of the trade amount, to a wallet controlled by the attacker.

If the swap amount exceeds 2.6 SOL, the fee escalates to 2.6 SOL plus an additional 0.05 percent of the swap amount. The report indicates that the malicious behavior is cleverly concealed through techniques like code minification and variable renaming, ensuring most users remain oblivious to the added fees.

Furthermore, the extension communicates with a backend hosted on the domain crypto-coplilot-dashboard.vercel.app, which is designed to register connected wallets, fetch referral data, and monitor user activity.

This domain, along with cryptocopilot.app, does not offer any legitimate product. Notably, the interface presented to users only displays details pertinent to the swap, keeping them uninformed about the hidden fees.

The extension gives the impression of using trusted services such as DexScreener and Helius RPC, enhancing its deceptive credibility. Kush Pandya emphasizes that most users will not detect these silent transfers unless they meticulously inspect each instruction prior to signing.
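The instruction-by-instruction inspection described above can be automated before signing. As an added example (not from the Socket report or the original page), this JavaScript scans a decoded transaction's instruction list for System Program transfers to recipients the user did not expect; the instruction object shape, the placeholder addresses and the sample transaction are constructed assumptions.

```javascript
// Added example: flag System Program transfers to unexpected recipients
// in a decoded Solana transaction before it is signed.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
const TRANSFER_INDEX = 2;            // SystemInstruction::Transfer discriminant
const LAMPORTS_PER_SOL = 1_000_000_000n;

// Build System Program transfer data: u32 LE discriminant + u64 LE lamports.
function encodeTransfer(lamports) {
  const buf = new Uint8Array(12);
  const view = new DataView(buf.buffer);
  view.setUint32(0, TRANSFER_INDEX, true);
  view.setBigUint64(4, BigInt(lamports), true);
  return buf;
}

// instructions: [{ programId, accounts: [pubkey...], data: Uint8Array }]
// allowedRecipients: addresses the user expects to receive SOL (assumption:
// the caller supplies these, e.g. the user's own wallet).
function findUnexpectedTransfers(instructions, allowedRecipients) {
  const allowed = new Set(allowedRecipients);
  const findings = [];
  instructions.forEach((ix, index) => {
    if (ix.programId !== SYSTEM_PROGRAM_ID) return;
    if (ix.data.length < 12 || ix.accounts.length < 2) return;
    const view = new DataView(ix.data.buffer, ix.data.byteOffset, ix.data.length);
    if (view.getUint32(0, true) !== TRANSFER_INDEX) return;
    const lamports = view.getBigUint64(4, true);
    const to = ix.accounts[1];       // accounts are [funding, recipient]
    if (!allowed.has(to)) findings.push({ index, to, lamports });
  });
  return findings;
}

// Format lamports as SOL without floating-point rounding.
function formatSol(lamports) {
  const frac = (lamports % LAMPORTS_PER_SOL).toString().padStart(9, "0");
  return `${lamports / LAMPORTS_PER_SOL}.${frac}`;
}

// Constructed sample: a swap followed by an appended 0.0013 SOL transfer.
const sampleTx = [
  { programId: "SWAP_PROGRAM_PLACEHOLDER", accounts: ["USER_WALLET", "POOL"], data: new Uint8Array([9]) },
  { programId: SYSTEM_PROGRAM_ID, accounts: ["USER_WALLET", "UNKNOWN_RECIPIENT"], data: encodeTransfer(1_300_000) },
];

for (const f of findUnexpectedTransfers(sampleTx, ["USER_WALLET"])) {
  console.log(`instruction ${f.index}: ${formatSol(f.lamports)} SOL -> ${f.to}`);
}
```

The check covers only the plain Transfer instruction; other System Program instructions that move lamports would need their own decoding.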

This incident underscores the persistent cybersecurity threats that loom over cryptocurrency transactions, highlighting the need for increased vigilance among users. As the cryptocurrency landscape evolves, so too do the tactics of cybercriminals, making it crucial for users to remain informed and cautious in their trading practices.

This situation serves as a stark reminder of the risks inherent in the rapidly changing world of digital currencies.
