Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet.

The extension, named Crypto Copilot , was first published by a user named "sjclark76" on May 7, 2024. The developer describes the browser add-on as offering the ability to "trade crypto directly on X with real-time insights and seamless execution." The extension has 12 installs and remains available for download as of writing.

"Behind the interface, the extension injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade amount to a hardcoded attacker-controlled wallet," Socket security research

See Full Page