
Clickjackers Could Become a New Trend in Malware

The first thing we need to do is establish what clickjackers are. Clickjacking is a technique that hackers use to trick users into performing actions they do not want to perform. This type of malware embeds hidden code into a button, making it perform a different action from the one you would expect. For example, when you close a webpage you might receive a pop-up asking whether you actually want to close the page or remain on it. If it is a clickjacker, the "close" button will also launch another webpage, thus performing an action that you didn't agree to (trust me, opening another webpage is one of the least harmful things that these things can do).

Unfortunately, those who make spyware get smarter with each passing day, and since both Chrome and Firefox have proven to be vulnerable to clickjackers, their potential to take away your time, money or data is quite high. What makes these things so difficult to guard against is that they're perfectly invisible to the regular user, and they obfuscate the code inside under multiple layers so that you can only find out what they do by actually running them. Furthermore, certain clickjackers can even trap less tech-savvy users in a loop, coercing them to click a specific button.

To give you a specific example, last year an extension that worked on Chrome and Mozilla (from the website WeLikeTheWeb.com) pushed a website recommendation engine which was actually a clickjacker. In theory, the engine was an ad-injector, which most people would hate by default. Basically, marketers hire the people who make ad-injectors to serve you links to their website, then pay them by the click. If the user clicks on a link provided by the software, the people who made the ad-injector get paid (in this case, WeLikeTheWeb). However, after some laborious research, the security engineers discovered a script obfuscated within the code which hijacked the link so that a third party received the money from the click. What's really alarming is that, because the code is obfuscated, VirusTotal saw absolutely nothing wrong with the file, classifying it as clean.

Keeping yourself safe from clickjacking is not very easy, as you can encounter this kind of technique anywhere. The only piece of advice I can give you is to be very careful about the freeware that you install, and to pay special attention to the additional applications that come bundled with it.

Comments

Guest #37302694

Wow! Thank you very much for the info but how can you tell if a "freeware" program, app, etc. is infected with this type of infection?

 –  6 years ago
Guest #37647863

I like this.

 –  6 years ago
Guest #37489238

Will virus software detect this on my computer and if not, can virus software eradicate whatever ends up being on my computer that is undesirable?

 –  6 years ago

If it was circulating on the Internet long enough to be spotted, they will detect it. As for the after effects, you might need an additional tool. I suggest googling the name of whatever infects your PC and seeing how others got rid of it.

 –  6 years ago