Clickjacking Evolves to Hook Millions of Top-Site Visitors

DigTec

Digital Technology Unlocked

HackingTech News

Clickjacking Evolves to Hook Millions of Top-Site Visitors

JavaScript code

Clickjacking, where links on a website redirect unknowing users to spam, advertising or malware, has been around for decades. However, new tactics that defy the best mitigation efforts of browsers has led to it affecting millions of internet users browsing the web’s top sites, researchers found in a new study.

In crawling data from the Alexa top 250,000 websites, researchers discovered 437 third-party scripts that intercepted user clicks on 613 websites – which in total receive around 43 million visits on a daily basis. Making matters worse, click interception links are using new techniques – such as making the links larger – that are making them harder to avoid.

“We further revealed that many third-party scripts intercept user clicks for monetization via committing ad click fraud,” researchers said. “In addition, we demonstrated that click interception can lead victim users to malicious contents. Our research sheds light on an emerging client-side threat, and highlights the need to restrict the privilege of third-party JavaScript code.”

Read more