John Ternus will be the next CEO of Apple and will run the company.
Cybercriminals take advantage of the fact that TikTok is one of the most popular social media sites right now. They can make fake accounts on fake apps and websites that look like the real ones to get to more people.article, we'll discuss a number of browser extensions that impersonate official TikTok apps and have compromised tens of thousands of users. We'll explain what they are.
It's important to detect these problems as quickly as possible to take the necessary steps and prevent further damage. It's essential to remove these extensions immediately if they are installed on your browser. We'll provide some recommendations to help you act quickly.
- Fake TikTok additions
This issue was discovered by LayerX Security, a cybersecurity firm. You can find all the details in their April 20th post. They report discovering 12 malicious browser extensions linked to the TikTok app in Google Chrome and Microsoft Edge browsers.
These add-ons, taken together, may have affected approximately 130,000 users. Around 12,500 of them are believed to still be installed. Therefore, thousands of users may still be affected by this security issue and should take action as soon as possible.
These extensions are being marketed as legitimate TikTok downloaders that supposedly allow users to download videos. However, they are actually a scam designed to track user activity and steal confidential data. These extensions use a single piece of code to create multiple, nearly identical extensions.
These extensions use slightly different names, such as "TikTok Video Downloader" or "TikTok Bulk Downloader." Users expect an extension that allows them to download content they view on the social network when using its web version.
According to LayerX Security, all of these extensions use the Manifest V3 (MV3) architecture. These extensions receive instructions through servers controlled by the attackers.
These extensions are designed to modify the plugin's behavior immediately after installation. They allow specific features to be enabled or disabled without user consent. Furthermore, they can redirect activity to unauthorized malicious endpoints.
It's worth noting that these extensions function correctly for a few months, as their design aims to build a good reputation and a large user base. Eventually, the malicious payload is activated, at which point it begins stealing data and compromising user security.
The following is the complete list of malicious add-ons:
If you are using any of these extensions, it is essential to remove them as soon as possible. It is also advisable to review your data, change your passwords, and strengthen your security. We recommend reducing the number of browser extensions you use to minimize risks.