Malicious TikTok Downloader Extensions Quietly Compromised 130K Users
ID: ebe722fb-5f06-5763-9cbb-2140c862c1f7
STIX ID: report--ebe722fb-5f06-5763-9cbb-2140c862c1f7
Feed Name: TechRepublic Security
LayerX researchers uncovered a widespread campaign of at least 12 interrelated browser extensions marketed as TikTok video downloaders. The extensions built user trust by providing the expected functionality while secretly collecting high-entropy fingerprinting data, delaying activation, and using attacker-controlled remote configuration servers to change behavior after installation. The campaign impacted more than 130,000 users across Chrome and Edge and highlights systemic weaknesses in extension permission models and marketplace review processes. Recommended defenses include allowlists, least privilege, monitoring, browser isolation, and DLP integration.
