Script URL: https://greasyfork.org/scripts/XXXXXX (or search by name "Enhancer for YouTube™: New Layout, Video Downloader") Latest version: 1.1.9 (December 2025) Author: Solivagant (namespace Solivagant_SS2025)
This script is malicious / highly dangerous and must be deleted immediately.
Evidence of malicious behaviour / extreme risk:
1. Over-permissive and dangerous metadata • @grant GM_xmlhttpRequest • @connect * ← allows requests to ANY domain • @connect oversea.mimixiaoke.com • @connect jtmate.com • @connect staticj.top
2. Video download function deliberately redirects to third-party site Code line: const url = "https://www.tikfork.com/" + LangueUtil.getLang() + "/yt?s=23&url=" + window.location.href; → tikfork.com is an unrelated commercial downloader that displays aggressive ads and can serve malware.
4. No public source repository, code is heavily obfuscated and wrapped in giant IIFE to hide behaviour.
5. With the granted permissions the script can: - read all YouTube/Google cookies - exfiltrate watch history and personal data - perform any action on the user’s account (likes, subscriptions, comments, channel management) - silently load and execute remote code at any time
6. Author “Solivagant” has no verifiable identity and suddenly released this “all-in-one” script in late 2025 with almost identical copies under different names.
This is a typical account-stealing / data-harvesting script disguised as a YouTube enhancer.
Please delete the script and all mirrors immediately and consider banning the author.🤮🤮🤮
Script URL: https://greasyfork.org/scripts/XXXXXX (or search by name "Enhancer for YouTube™: New Layout, Video Downloader")
Latest version: 1.1.9 (December 2025)
Author: Solivagant (namespace Solivagant_SS2025)
This script is malicious / highly dangerous and must be deleted immediately.
Evidence of malicious behaviour / extreme risk:
1. Over-permissive and dangerous metadata
• @grant GM_xmlhttpRequest
• @connect * ← allows requests to ANY domain
• @connect oversea.mimixiaoke.com
• @connect jtmate.com
• @connect staticj.top
2. Video download function deliberately redirects to third-party site
Code line:
const url = "https://www.tikfork.com/" + LangueUtil.getLang() + "/yt?s=23&url=" + window.location.href;
→ tikfork.com is an unrelated commercial downloader that displays aggressive ads and can serve malware.
3. External code execution from untrusted Chinese domains
• Requires https://cdn.jsdelivr.net/npm/[email protected]/youtube.theme.js (not official)
• Explicit @connect to mimixiaoke.com, jtmate.com, staticj.top – none of these domains belong to Google
4. No public source repository, code is heavily obfuscated and wrapped in giant IIFE to hide behaviour.
5. With the granted permissions the script can:
- read all YouTube/Google cookies
- exfiltrate watch history and personal data
- perform any action on the user’s account (likes, subscriptions, comments, channel management)
- silently load and execute remote code at any time
6. Author “Solivagant” has no verifiable identity and suddenly released this “all-in-one” script in late 2025 with almost identical copies under different names.
This is a typical account-stealing / data-harvesting script disguised as a YouTube enhancer.
Please delete the script and all mirrors immediately and consider banning the author.🤮🤮🤮