[Malicious Google Chrome Extension 'Crypto Copilot' Steals Solana Exchange Funds Through Hidden Transfers] According to a report by Cointelegraph, cybersecurity company Socket disclosed on Tuesday that a malicious Google Chrome browser extension called Crypto Copilot allows users to trade on the Solana blockchain via posts on the X social media platform, while secretly siphoning fees from each transaction into the creator's wallet. When the extension uses the decentralized exchange Raydium to execute swaps for users, it adds a hidden transfer command that moves Solana tokens from the user's account to the attacker's account. Unlike typical malware that attempts to steal an entire wallet balance, this extension takes at least 0.0013 Solana tokens (approximately 0.05% of the transaction amount) per transaction. The user interface only displays the swap details, while the wallet confirmation interface summarizes the transaction without showing specific commands, leading users to believe they are only authorizing a single swap when, in fact, they are authorizing both the swap and the fund transfer. Although the extension has only accumulated 15 users since its release on June 18, 2024, it still highlights the security risks present in the browser extension ecosystem.