Hackers Target Solana Traders with Hidden Crypto Copilot Extension for Chrome

Researchers from Socket have identified a malicious Google Chrome extension called Crypto Copilot that siphons hidden fees during cryptocurrency trading.

This tool allowed users to execute transactions on the Solana network "directly through the feed on X." However, each transaction incurred additional charges of at least 0.0013 SOL or 0.05% of the total amount.

The funds were redirected to a wallet controlled by the attacker. Notably, the fees were not mentioned in the extension's description and were concealed through "obfuscated code."

"When a user performs a swap, Crypto Copilot generates an expected exchange instruction on Raydium, then discreetly adds a second instruction that transfers SOL from the user to [the scammer]," security experts explained.

The extension connects to Phantom, Solflare, and other standard Solana wallets, and it displays token data from DexScreener. Its marketing emphasizes speed, convenience, and "one-click trading."

As of the time of writing, Crypto Copilot remains available for download in the Chrome app store, despite a complaint filed by Socket with Google. The extension has been in existence since June 2024.

"The program connects to the webpage, recognizes tokens, and presents a swap button alongside popular posts on [X]. It requests standard wallet permissions to connect and sign transactions, which is not unusual," researchers noted.

It is worth mentioning that in August, the Jupiter team discovered a malicious Chrome extension named Bull Checker, aimed at stealing assets within the Solana network.