Fake TikTok Downloader Extensions Hacked, Exposing 130,000 Users’ Data
TikTok StealTok Malware Campaign Exposed
Researchers at LayerX Security have discovered a sophisticated malware campaign targeting TikTok users, dubbed “StealTok.”
According to researchers, the campaign involved over a dozen browser extensions available on major marketplaces, including Chrome and Microsoft Edge stores.
Campaign Tactics and Capabilities
- The malicious extensions were presented as tools to enhance the TikTok experience, such as downloading videos.
- Behind that front, they carried the capability to gather extensive user data and compromise sensitive information.
- The campaign initially built a reputation by offering legitimate services, allowing the attackers to establish a significant user base before activating their malicious features.
- This approach enabled the malicious actors to evade detection for over a year, during which time they accumulated over 130,000 victims worldwide.
Data Collection and Tracking
- The extensions operated by collecting high-entropy data points, including:
  - Timezone
  - Language settings
  - Device battery status
By combining these data points, the attackers can create a unique fingerprint for each user, facilitating long-term tracking across multiple web sessions.
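As an added illustration of how a defender can hunt for this behaviour (this is example code written for this article, not LayerX's tooling or anything from the extensions themselves), the script below statically scans an unpacked browser extension for the three signals named above and flags the combination when it appears alongside broad host permissions. The API patterns, the scoring rule and the embedded sample extension are all assumptions constructed for the example.

```python
"""Audit an unpacked browser extension for the fingerprinting signals
(timezone, language, battery) described in the StealTok write-up."""
import json
import re
from pathlib import Path

# Browser APIs that yield each signal; assumed patterns, not an exhaustive list.
SIGNAL_PATTERNS = {
    "timezone": re.compile(r"resolvedOptions\(\)\.timeZone|getTimezoneOffset\("),
    "language": re.compile(r"navigator\.languages?\b"),
    "battery": re.compile(r"navigator\.getBattery\("),
}
# Host patterns that let an extension reach arbitrary sites (and ship data off).
BROAD_HOST = re.compile(r"^(<all_urls>|\*://|https?://)")


def scan_extension(files):
    """files: mapping of relative path -> file content. Returns a report dict."""
    manifest = json.loads(files.get("manifest.json", "{}"))
    signals = set()
    for path, content in files.items():
        if path.endswith(".js"):
            for name, pattern in SIGNAL_PATTERNS.items():
                if pattern.search(content):
                    signals.add(name)
    declared = manifest.get("host_permissions", []) + manifest.get("permissions", [])
    hosts = [h for h in declared if BROAD_HOST.match(h)]
    # Heuristic: all three signals together reproduce the tracking fingerprint
    # the report describes; with broad host access that warrants manual review.
    review = len(signals) == len(SIGNAL_PATTERNS) and bool(hosts)
    return {"name": manifest.get("name", "?"), "signals": sorted(signals),
            "hosts": hosts, "review": review}


def scan_directory(ext_dir):
    """Read every file under an unpacked extension directory and scan it."""
    root = Path(ext_dir)
    files = {str(p.relative_to(root)): p.read_text(errors="ignore")
             for p in root.rglob("*") if p.is_file()}
    return scan_extension(files)


# Constructed sample: a minimal extension collecting all three signals.
SAMPLE = {
    "manifest.json": json.dumps({"name": "Video Saver (constructed sample)",
                                 "manifest_version": 3,
                                 "host_permissions": ["*://*/*"]}),
    "bg.js": "const tz = Intl.DateTimeFormat().resolvedOptions().timeZone;\n"
             "const lang = navigator.language;\n"
             "navigator.getBattery().then(b => send({tz, lang, level: b.level}));",
}

if __name__ == "__main__":
    print(json.dumps(scan_extension(SAMPLE), indent=2))
```

Point `scan_directory` at an extension folder under the browser profile to check installed extensions; a `review` of true is a prompt for inspection, not proof of malice.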
Recommendations for Affected Users
- Remove any installed extensions related to the StealTok campaign.
- Change passwords for sensitive accounts, such as email and bank accounts.
- Review browser settings and saved data to check that sensitive financial information and personal details have not been exposed.
Conclusion
The StealTok campaign highlights the importance of vigilance when using browser extensions and the need for law enforcement agencies to monitor and address such threats. Even seemingly innocuous extensions can pose significant risks if left unchecked.
