LayerX researchers uncovered a coordinated campaign of at least 12 browser extensions that pose as TikTok downloaders while secretly tracking users and harvesting telemetry. The operation has compromised over 130,000 users on Google Chrome and Microsoft Edge by reusing a single code family, employing long-lived trust-building tactics, and using remote configuration to change malicious behavior after installation.
Key points
- LayerX identified at least 12 interconnected extensions that advertised TikTok-saving functionality while harvesting user data.
- Over 130,000 users were compromised across the Google Chrome and Microsoft Edge marketplaces.
- Attackers reuse a single code family to produce clones and lightly rebranded extensions, increasing resilience and redeployment speed.
- Extensions often operate benignly for months and can gain “Featured” status before receiving malicious instructions through remote configuration.
- Collected telemetry—including usage patterns, device language/timezone/user agent, and battery status—enables unique user fingerprinting and future abuse.
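To show why the individually harmless fields in the last point matter when reviewing what an extension sends home, the added example below (not code from the LayerX report or from the extensions) measures how many users share each attribute combination. The records, field names and values are constructed for illustration.

```javascript
// Constructed sample telemetry; fields mirror the attributes named above.
// None of these values come from the LayerX report.
const SAMPLE = [
  { language: "en-US", timezone: "America/New_York", userAgent: "Chrome/124 (Windows)", charging: true },
  { language: "en-US", timezone: "America/New_York", userAgent: "Edg/124 (Windows)", charging: false },
  { language: "en-US", timezone: "Europe/Berlin", userAgent: "Chrome/124 (Windows)", charging: false },
  { language: "en-US", timezone: "Europe/Berlin", userAgent: "Edg/124 (Windows)", charging: true },
  { language: "de-DE", timezone: "America/New_York", userAgent: "Chrome/124 (Windows)", charging: false },
  { language: "de-DE", timezone: "America/New_York", userAgent: "Edg/124 (Windows)", charging: true },
  { language: "de-DE", timezone: "Europe/Berlin", userAgent: "Chrome/124 (Windows)", charging: true },
  { language: "de-DE", timezone: "Europe/Berlin", userAgent: "Edg/124 (Windows)", charging: false },
];

// Group records by the chosen fields. Each group is an "anonymity set":
// the users who are indistinguishable from one another on those fields.
function anonymitySets(records, fields) {
  const sets = new Map();
  for (const r of records) {
    const key = JSON.stringify(fields.map((f) => r[f]));
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

// Number of records whose combination is shared with nobody else.
function uniqueCount(records, fields) {
  let n = 0;
  for (const size of anonymitySets(records, fields).values()) {
    if (size === 1) n++;
  }
  return n;
}

// Shannon entropy in bits of the combination: higher means more identifying.
function entropyBits(records, fields) {
  let h = 0;
  for (const size of anonymitySets(records, fields).values()) {
    const p = size / records.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Add one field at a time and watch the anonymity sets shrink.
const FIELDS = ["language", "timezone", "userAgent", "charging"];
for (let i = 1; i <= FIELDS.length; i++) {
  const f = FIELDS.slice(0, i);
  console.log(f.join("+"), "unique:", uniqueCount(SAMPLE, f), "bits:", entropyBits(SAMPLE, f).toFixed(2));
}
```

In this sample no single field or pair isolates anyone, yet language, timezone and user agent together single out every record, which is the reason to assess telemetry fields jointly rather than one by one.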
Read More: https://securityonline.info/tiktok-downloader-extension-malware-layerx-report/