Cybersecurity firm Socket: Malicious Chrome extensions are secretly stealing Solana transaction funds

Jinse Finance reported that cybersecurity company Socket has discovered a malicious Chrome extension called "Crypto Copilot" that is secretly stealing funds from users' Solana transactions. This extension allows users to trade Solana directly from the X social media platform, but injects additional instructions into each transaction to siphon off at least 0.0013 SOL or 0.05% of the transaction amount. Unlike typical wallet-draining malware, Crypto Copilot executes trades using the Raydium decentralized exchange, while adding a second instruction to transfer SOL to the attacker's wallet. The user interface only displays a transaction summary, concealing the individual operation instructions.