Malicious code seems to be focused on crypto; hopefully Bubble’s codebase is safe.
Quote from Reddit post:
How the Malware Works (Step by Step)
- Injects itself into the browser
  - Hooks core functions like fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.).
  - Ensures it can intercept both web traffic and wallet activity.
- Watches for sensitive data
  - Scans network responses and transaction payloads for anything that looks like a wallet address or transfer.
  - Recognizes multiple formats across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash.
- Rewrites the targets
  - Replaces the legitimate destination with an attacker-controlled address.
  - Uses “lookalike” addresses (via string-matching) to make swaps less obvious.
- Hijacks transactions before they’re signed
  - Alters Ethereum and Solana transaction parameters (e.g., recipients, approvals, allowances).
  - Even if the UI looks correct, the signed transaction routes funds to the attacker.
- Stays stealthy
  - If a crypto wallet is detected, it avoids obvious swaps in the UI to reduce suspicion.
  - Keeps silent hooks running in the background to capture and alter real transactions.
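A defender-side check for the "hijacks transactions before they're signed" step, added here as an example and not part of the quoted Reddit post: it compares every address in the transaction handed to the signer, in full, against what the application intended, and flags lookalike swaps that would pass a glance at the first and last characters. The function names, the `intended` object and all addresses are assumptions made for the illustration, and it covers only the Ethereum `to` field and ERC-20 `transfer`/`approve` calldata.

```javascript
// Added example. All addresses below are constructed sample values.
const SELECTORS = { a9059cbb: 'recipient', '095ea7b3': 'spender' }; // ERC-20 transfer / approve
const norm = (a) => String(a ?? '').toLowerCase().replace(/^0x/, '');

// Collect every address the signature would authorise: the `to` field plus the
// first argument of ERC-20 transfer(address,uint256) / approve(address,uint256).
function addressesInTx(tx) {
  const found = { to: norm(tx.to) };
  const data = norm(tx.data);
  const role = SELECTORS[data.slice(0, 8)];
  if (role && data.length >= 8 + 64) {
    // First ABI word is the address left-padded to 32 bytes: skip 24 hex zeros.
    found[role] = data.slice(8 + 24, 8 + 64);
  }
  return found;
}

// A swapped address that still matches at both ends passes a visual spot check.
function isLookalike(expected, actual, n = 4) {
  return expected !== actual && expected.length === actual.length &&
    expected.slice(0, n) === actual.slice(0, n) &&
    expected.slice(-n) === actual.slice(-n);
}

// Compare what the application meant to send with what reached the signer.
function checkBeforeSigning(intended, tx) {
  const actual = addressesInTx(tx);
  const roles = new Set([...Object.keys(intended), ...Object.keys(actual)]);
  const findings = [];
  for (const role of roles) {
    const want = norm(intended[role]);
    const got = actual[role] ?? '';
    if (want !== got) {
      findings.push({ role, expected: want, actual: got, lookalike: isLookalike(want, got) });
    }
  }
  return { ok: findings.length === 0, findings };
}

// Constructed scenario: an ERC-20 transfer whose calldata recipient was swapped.
const pad = (addr) => '0'.repeat(24) + norm(addr);
const amount = (1000n).toString(16).padStart(64, '0');
const TOKEN = '0x' + '11'.repeat(20);
const PAYEE = '0xabcd' + '22'.repeat(16) + 'ef01';
const SWAPPED = '0xabcd' + '33'.repeat(16) + 'ef01';
const intended = { to: TOKEN, recipient: PAYEE };
const cleanTx = { to: TOKEN, data: '0xa9059cbb' + pad(PAYEE) + amount };
const tamperedTx = { to: TOKEN, data: '0xa9059cbb' + pad(SWAPPED) + amount };
console.log(checkBeforeSigning(intended, cleanTx).ok, checkBeforeSigning(intended, tamperedTx).findings);
```

A comparison like this only helps when it runs somewhere the page's scripts cannot reach, such as inside the wallet or on a hardware signer, because code in a hooked page can be altered by the same hooks.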