TechFlow news, November 27 — According to Cointelegraph, cybersecurity firm Socket has discovered a malicious Chrome extension named "Crypto Copilot" that secretly steals funds from users' Solana transactions. The extension allows users to conduct Solana transactions directly from the X social media platform but injects additional instructions into each transaction to extract at least 0.0013 SOL or 0.05% of the transaction amount.
Unlike typical wallet-draining malware, Crypto Copilot uses the Raydium decentralized exchange to execute trades and adds a second instruction to transfer SOL to the attacker's wallet. Meanwhile, the user interface only displays a transaction summary, hiding the individual operation commands.
Since its release on June 18, 2024, the extension has had only 15 users. Socket has submitted a takedown request to the Chrome Web Store security team. Security experts warn that the Chrome extension ecosystem, due to its large user base and extensible design, has long been a prime target for cryptocurrency scams.
