Malicious Chrome extensions secretly steal Solana transaction funds

According to Cointelegraph, cybersecurity company Socket has discovered a malicious Chrome extension called "Crypto Copilot" that is secretly stealing funds from users' Solana transactions.

The extension allows users to conduct Solana transactions directly from the X social media platform, but it injects additional instructions into each transaction, siphoning off at least 0.0013 SOL or 0.05% of the transaction amount. Unlike typical wallet-draining malware, Crypto Copilot executes transactions using the Raydium decentralized exchange while adding a second instruction to transfer SOL to the attacker's wallet, with the user interface only displaying a transaction summary, hiding the separate operational instructions. Since its release on June 18, 2024, the extension currently has only 15 users. Socket has submitted a takedown request to the Chrome Web Store security team. Security experts warn users that the Chrome extension ecosystem has long been a popular target for cryptocurrency scams due to its large user base and scalable design.