A malicious Chrome extension redirects cryptocurrency exchange platforms

Security researchers have found a malicious extension in the Chrome Web Store called Crypto Copilot. The extension injects a hidden Solana transfer into exchange transactions, redirecting funds to a wallet controlled by the attackers, which raises serious concerns about user security in the cryptocurrency ecosystem.

Be Careful if You Use Cryptocurrencies

The extension, published by a user under the pseudonym ‘sjclark76’, has 12 installations and remains available for download. According to security researchers, Crypto Copilot presents a legitimate facade by offering users the ability to trade crypto directly on X with real-time information and seamless execution. Behind this interface, however, is malicious behavior that is triggered when the user trades on Raydium, a decentralized exchange based on the Solana blockchain.

The extension’s code is obfuscated to avoid detection, and it manipulates the signing process by adding an extra SOL transfer each time a user signs a transaction. This extra transfer charges a minimum of 0.0013 SOL or 0.05% of the exchanged amount, and the money is diverted to a wallet hardcoded in the extension’s code. Users may not notice this hidden transfer unless they review each instruction before signing.
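The instruction review mentioned above can be automated. The following is an added example, not code from the extension or from the researchers' report: it scans a transaction's instructions for System Program transfers to recipients the user did not expect. The simplified instruction shape (`programId`, `keys`, `data`) and every `*_PLACEHOLDER` / `USER_WALLET` name are assumptions made for illustration.

```javascript
// System Program address on Solana; its instruction index 2 is Transfer.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
const TRANSFER_INDEX = 2;
const LAMPORTS_PER_SOL = 1_000_000_000n;

// Decode System Program Transfer data: u32 LE index, then u64 LE lamports.
// Returns null for any instruction that is not a plain SOL transfer.
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM_ID || ix.data.length !== 12) return null;
  const view = new DataView(ix.data.buffer, ix.data.byteOffset, ix.data.byteLength);
  if (view.getUint32(0, true) !== TRANSFER_INDEX) return null;
  return { from: ix.keys[0], to: ix.keys[1], lamports: view.getBigUint64(4, true) };
}

// Return every SOL transfer whose recipient is not on the expected list.
function findUnexpectedTransfers(instructions, expectedRecipients) {
  const allowed = new Set(expectedRecipients);
  return instructions
    .map(decodeSystemTransfer)
    .filter((t) => t !== null && !allowed.has(t.to));
}

// Render lamports as a fixed 9-decimal SOL string without float rounding.
function formatSol(lamports) {
  const frac = (lamports % LAMPORTS_PER_SOL).toString().padStart(9, "0");
  return `${lamports / LAMPORTS_PER_SOL}.${frac}`;
}

// Helper used only to build the constructed sample below.
function encodeTransfer(lamports) {
  const data = new Uint8Array(12);
  const view = new DataView(data.buffer);
  view.setUint32(0, TRANSFER_INDEX, true);
  view.setBigUint64(4, lamports, true);
  return data;
}

// Constructed sample: a swap instruction followed by an appended
// 0.0013 SOL transfer (1,300,000 lamports) to an unknown wallet.
const sampleInstructions = [
  { programId: "DEX_PROGRAM_PLACEHOLDER", keys: ["USER_WALLET", "POOL_PLACEHOLDER"],
    data: new Uint8Array([9, 0, 0, 0]) },
  { programId: SYSTEM_PROGRAM_ID, keys: ["USER_WALLET", "UNKNOWN_WALLET_PLACEHOLDER"],
    data: encodeTransfer(1_300_000n) },
];

for (const t of findUnexpectedTransfers(sampleInstructions, ["USER_WALLET"])) {
  console.log(`unexpected transfer: ${formatSol(t.lamports)} SOL -> ${t.to}`);
}
```

Any recipient the swap legitimately pays must be added to `expectedRecipients`; everything else is surfaced for review before the transaction is signed.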

Although Crypto Copilot is presented as a useful tool that makes use of legitimate services like DexScreener and Helius RPC, its goal seems to be solely to perpetrate fraud at the expense of unsuspecting users. This type of attack highlights the need for constant vigilance in the use of digital tools in the cryptocurrency space.