Beware of fraudulent TikTok downloaders: Over 130,000 users fall victim to malicious extensions
- Thanh Hoang

- Apr 23
In the digital world, convenience often comes with sophisticated traps. Recently, a campaign distributing malicious extensions on Chrome and Edge browsers has been exposed. Promising to help users download TikTok videos with ease, these tools are actually "silent thieves" stealing the personal information of hundreds of thousands.
Sophisticated deception under the guise of reputable labels
Cybercriminals have exploited the demand for video downloading to launch a series of extensions with trustworthy-sounding names like TikTok Video Downloader or Mass TikTok Downloader. Some tools were even labeled as "Featured," causing users to lower their guard and install them without hesitation.

A notable aspect of this campaign is the cybercriminals' "lazy" yet effective strategy. Instead of writing multiple types of malware, they use a single source code, which is then repeatedly cloned, renamed, and re-uploaded. Whenever an extension is removed from the web store, a nearly identical copy immediately appears as a replacement.
To gain trust, these tools typically function normally and exactly as advertised for the first few months. Only after building a stable user base do they begin to reveal their malicious nature.
Data collection "black holes" and device fingerprinting
Once activated, these extensions silently monitor and collect all user activities. The stolen information includes:
- Web browsing habits and downloaded files.
- System information such as language and time zone.
- Even the computer's battery status.
The purpose of collecting these granular details is to create a unique digital fingerprint for each device, allowing hackers to accurately identify users. More concerning is that the entire process is controlled remotely, enabling attackers to change the extension's features without requiring a standard software update.

Vulnerabilities in browser review processes
This incident has exposed a major flaw in current extension management. Typically, browsers like Chrome or Edge only thoroughly vet source code at the time an application is released. Once installed on a user's machine, subsequent changes in behavior are rarely monitored closely.
The ability of these extensions to directly interfere with account login sessions makes the risk of personal data leakage more severe than ever, laying the groundwork for large-scale cyberattacks in the future.
How to protect your accounts and personal data
Although this campaign has been uncovered, reports indicate that approximately 12,500 people are still using these malicious tools unknowingly. To ensure your safety, take the following measures immediately:
- Review and remove: Check your browser's extension list. Immediately delete any TikTok video downloaders that seem suspicious or are not strictly necessary.
- Be cautious with permissions: Question why a simple extension would require permission to "read and change all your data" on the websites you visit.
- Use official methods: If you need to download videos, prioritize TikTok's native features or use reputable websites instead of installing third-party software on your browser.
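The review and permission checks above can be scripted. This is an added example, not code from the campaign report or from any browser vendor: it scans an extensions folder for manifests that request access to every website. The `<extension id>/<version>/manifest.json` layout, the keyword list and the sample manifests are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns the browser describes as "read and change all your data" on all sites.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
KEYWORDS = ("tiktok", "downloader")  # assumption: words from the names in the article

def broad_host_access(manifest):
    """Broad patterns requested via permissions (MV2), host_permissions (MV3) or content scripts."""
    asked = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        asked.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        asked.update(script.get("matches", []))
    return asked & BROAD

def audit_extensions(root):
    """Scan <root>/<extension id>/<version>/manifest.json; report extensions with broad access."""
    findings = []
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort the audit
        broad = broad_host_access(manifest)
        if broad:
            name = str(manifest.get("name", ""))  # may be a "__MSG_...__" localisation key
            findings.append({"id": path.parent.parent.name, "name": name,
                             "broad": sorted(broad), "name_match": any(k in name.lower() for k in KEYWORDS)})
    return findings

# Constructed sample manifests (not real extensions), keyed by a made-up extension id.
SAMPLES = {
    "aaaa": {"name": "Sample TikTok Downloader", "host_permissions": ["<all_urls>"]},
    "bbbb": {"name": "Sample Notes", "host_permissions": ["https://notes.example/*"]},
    "cccc": {"name": "__MSG_appName__", "permissions": ["tabs", "*://*/*"]},  # MV2 style
}

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in SAMPLES.items():
            version_dir = Path(root, ext_id, "1.0.0")
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_extensions(root)

if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Every extension with all-site access is reported, not only those with a matching name, because a localised name such as `__MSG_appName__` hides the keywords.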
The fact that over 130,000 users "took the bait" serves as a wake-up call for personal information security. In the digital age, always remain vigilant against "free and convenient" tools of unknown origin to avoid becoming a victim of cybercrime.







