219/69 Wednesday, April 22, 2026
Researchers from LayerX have uncovered a malicious campaign named StealTok, which spreads through browser extensions on Google Chrome and Microsoft Edge. These extensions impersonate TikTok video download tools (no watermark), but their real purpose is to harvest user data and perform detailed device fingerprinting. The campaign has reportedly been active for over a year, frequently changing extension names and appearances to evade detection, and has already impacted more than 130,000 users worldwide.
Many of these extensions behave benignly during their first 6–12 months to build trust and grow their user base-some even receiving a “Featured” badge from official stores. Only later do they begin communicating with external servers to receive malicious commands. Researchers found that the extensions collect detailed metadata such as timezone, language, and battery status, which can be used to generate persistent digital fingerprints for cross-session tracking. Although some extensions have been removed, several remain available for installation, with over 12,500 users still affected.
The report warns that these malicious extensions can intercept keystrokes and access sensitive login tokens. Users who have installed such extensions are strongly advised to remove them immediately-not just disable them-and to change passwords for critical accounts such as email and banking applications. Additionally, users should review any sensitive data stored in their browsers to minimize potential damage from prior unauthorized access.
Source https://hackread.com/fake-tiktok-downloaders-chrome-edge-spy-users/