A malicious Chrome extension named Crypto Copilot has been identified, capable of secretly siphoning Solana funds during swap transactions. The extension disguises its activity through obfuscated code, legitimate services, and hidden fees, targeting decentralized exchanges like Raydium. #CryptoCopilot #Solana #Raydium #ChromeWebStore #DeFiThreats
Keypoints
- The extension was first published on May 7, 2024, with only 12 installs.
- Crypto Copilot injects hidden Solana transfers into user-initiated swap transactions.
- The malicious code appends an extra transfer, funneling funds to an attacker-controlled wallet.
- It communicates with a backend domain that reports user activity and manages wallet data.
- Most users are unaware of the hidden fees and transfers due to the extensionβs obfuscation techniques.
Read More: https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html