Enhancer for YouTube™: New Layout, Video Downloader, and More Features was reported 2026/03/13 for Malware
claude 4.6 sonnet says,
Do not install this script. It is malware. Here's what I found:
Critical Security Issues
1. Remote Code Execution Backdoor (Line 11113-11156) — The most dangerous part
javascript
Every time the script runs (up to 15 times/day), it contacts staticj.top and eval()s whatever code the server returns. This gives the server owner full control to execute arbitrary JavaScript in your browser with complete userscript privileges — at any time, without any update to the script file itself.
2. Affiliate Link Hijacking (Lines 11249-11266)
On shopping sites, the script silently rewrites every tag on the page to inject tracking parameters, stealing affiliate commissions from original links.
3. Shopping Surveillance & Forced Redirects (Lines 11271-11303)
Contacts oversea.mimixiaoke.com to decide whether to inject tracking on shopping/crypto sites — including Binance, Coinbase, Kraken, OKX, cloud hosting providers, and e-commerce platforms. Can also forcibly redirect your browser (window.location.href = target.rpl).
4. Completely Hidden Functionality
Despite being called a "YouTube Enhancer", the script embeds a full shopping coupon, price comparison, and affiliate tracking system that runs across AliExpress, Amazon, Shopee, Lazada, eBay, eBay, crypto exchanges, etc. This functionality is deliberately hidden from the description.
Summary
This script is a trojan — the YouTube UI improvements are real and used as cover, but the script contains a remote code execution backdoor tied to staticj.top. Anyone who controls that domain can push and execute any code in your browser at any time. Delete this file and don't install it.
Pedro Vik (the reported user) has made:
This report has been upheld by a moderator, but the moderator marked it as Disallowed external code.