Scripts for clickjacking detected on sites with a total audience of 43 million users per day

Clickjacking first attracted the attention of information security experts more than ten years ago, and it has remained very popular with cybercriminals ever since. Scripts for clickjacking have now been detected on many sites.

Despite the constant improvement of protection mechanisms against this threat by browser developers, it has not been possible to eliminate it.

A team of researchers, consisting of Microsoft experts and scientists from China, South Korea and the American University, analyzed 250 thousand sites from the Alexa list.

“Because of the critical role of clicks in the Web ecosystem, attackers aim to intercept genuine user clicks to either send malicious commands to another application on behalf of the user or fabricate realistic ad click traffic,” the specialists report.

Researchers have identified three techniques currently used by cybercriminals to intercept clicks.

The list of clickjacking techniques includes intercepting hyperlinks (using third-party scripts that interact with the original URLs, or huge links that cover most of the page), adding navigation events to page elements, and various visual techniques (for example, copying an original element or using transparent layers).
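The three techniques above can be expressed as audit checks a site owner might run over a snapshot of their own page. This is an added example, not the researchers' Observer framework or code from the study; the record layout, field names, thresholds and sample data are assumptions made for illustration.

```javascript
// Heuristics over a snapshot of page elements. In a browser the fields would come from
// getBoundingClientRect()/getComputedStyle(); record layout and thresholds are assumptions.
const HUGE_LINK_RATIO = 0.5; // "most of the page" (assumed threshold)
const NEAR_INVISIBLE = 0.1;  // opacity treated as transparent (assumed)
function overlap(a, b) { // intersection area of two {x, y, w, h} rectangles
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}
// origin === null means static first-party markup
const isThirdParty = (origin, site) => origin !== null && origin !== site;

function auditClickInterception(elements, viewport, site) {
  const findings = [];
  const vp = { x: 0, y: 0, w: viewport.w, h: viewport.h };
  for (const el of elements) {
    const tp = isThirdParty(el.scriptOrigin, site);
    // 1. Hyperlinks: touched by a third-party script, or covering most of the viewport
    if (el.tag === 'a') {
      if (tp) findings.push({ id: el.id, type: 'third-party-link' });
      if (overlap(el.rect, vp) / (vp.w * vp.h) > HUGE_LINK_RATIO)
        findings.push({ id: el.id, type: 'huge-link' });
    }
    // 2. Navigation event handlers registered by third-party scripts
    for (const h of el.handlers || [])
      if (h.navigates && isThirdParty(h.scriptOrigin, site))
        findings.push({ id: el.id, type: 'third-party-nav-handler' });
    // 3. Visual deception: near-transparent third-party layer above first-party content
    if (tp && el.opacity <= NEAR_INVISIBLE)
      for (const under of elements)
        if (!isThirdParty(under.scriptOrigin, site) && el.zIndex > under.zIndex &&
            overlap(el.rect, under.rect) > 0)
          findings.push({ id: el.id, type: 'transparent-overlay', covers: under.id });
  }
  return findings;
}

// Constructed sample snapshot (not data from the study)
const SITE = 'https://news.example', ADS = 'https://ads.example';
const box = (x, y, w, h) => ({ x, y, w, h });
const sample = [
  { id: 'article', tag: 'div', rect: box(0, 100, 800, 400), opacity: 1, zIndex: 0,
    scriptOrigin: null, handlers: [{ navigates: true, scriptOrigin: ADS }] },
  { id: 'nav', tag: 'a', rect: box(0, 0, 120, 40), opacity: 1, zIndex: 0, scriptOrigin: null },
  { id: 'big', tag: 'a', rect: box(0, 0, 1000, 700), opacity: 1, zIndex: 1, scriptOrigin: ADS },
  { id: 'veil', tag: 'div', rect: box(0, 100, 800, 400), opacity: 0, zIndex: 999, scriptOrigin: ADS },
];
const report = () => auditClickInterception(sample, { w: 1280, h: 720 }, SITE);
```

On the constructed snapshot, the first-party `nav` link produces no finding, while the other three elements are flagged for review.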

In a study called “All Your Clicks Belong to Me: Investigating Click Interception on the Web”, the experts created the Observer framework for monitoring click interception. Because of the dynamic, event-driven nature of web applications, it is not possible to evaluate scripts for clickjacking just by looking at the application code, which is why the Observer tool was developed.

On 613 of the 250 thousand sites studied, researchers found 437 third-party scripts that intercept clicks. The total audience of these sites is 43 million users per day.

Third-party scripts trick victims into clicking on site elements that either look like original content or are invisible and placed on top of the original content. Some scripts intercept clicks in order to monetize them, the researchers noted.

In particular, 36% of the 3251 unique click interception URLs are associated with advertising, the main way to monetize the Web. In addition to monetization, cybercriminals use clickjacking to infect user systems with malware.

“Besides monetization, we find that click interception can lead a user to visit malicious contents. In particular, we were directed to some fake anti-virus (AV) software and drive-by download pages when we manually examined some of the click interception URLs,” the researchers said.

The research team believes that its work sheds light on an emerging client-side threat and highlights the need to restrict the privilege of third-party JavaScript code.

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you