Chrome application “Bull Checker,” which was just found, is a major danger to Solana users. This malicious application drains several wallets by pretending to be a tool for tracking meme coin users and getting around normal detection systems.
A decentralized trade broker called Jupiter found this threat and sent out a warning on August 20th. Under the fake name Meow, the founder said that Reddit had promoted the “Bull Checker” app, which was aimed directly at Solana users. It looked like a harmless extension, but it was actually made to steal money by changing activities that happen when users interact with decentralized apps (dApps).
After being downloaded, “Bull Checker” would wait for users to interact with a real dApp. At this point, “Bull Checker” would change the transaction before sending it to the bank to be signed. Even though the changed transaction would still pass simulation checks and look like it was supposed to be normal, its real purpose was to steal the user’s tokens and send them to a wallet that wasn’t allowed.
Meow pointed out that the app asked for a lot of rights, such as the ability to “read and write” data. Such rights should have been a red flag, since a real wallet-checking tool would only need “read-only” access. Even so, a lot of people installed and used the app, which caused big loses.
Jupiter told everyone that the study into the big dApps and wallets on the Solana network did not find any security holes. Jupiter, on the other hand, told people to check their browser extensions and get rid of “Bull Checker” and any other extensions that ask for a lot of rights and don’t deserve full trust.
This happened right after other security holes were found in the Solana environment, such as a $1 million flaw that caused Cypher Protocol, a Solana-based decentralized futures market, to be temporarily shut down.
People should be careful when they download and use browser plugins, especially ones that come from social media sites like Reddit. There is a lot of room for social engineering and astroturfing, which are bad people giving the idea that something is safe and legitimate when it’s not. We should be very careful with apps that need a lot of rights to read and change data on different websites.
Jupiter’s message is a reminder of the risks that exist in the world of decentralized finance (DeFi), which is changing very quickly, and how important it is to stay alert for possible threats.