Windows Mac ForMac Answers Forum

Clickjackers Could Become a New Trend in Malware

V
  • Vlad Tiganasu,
  • 9 years ago
  • Editor Informer Technologies, Inc.

Clickjackers Could Become a New Trend in Malware Clickjackers Could Become a New Trend in Malware

The first thing we need to do is establishing what clickjackers are. Clickjacking is a technique which hackers use to trick the users into performing actions they do not want to. This type of malware embeds hidden code into a button, thus making it perform a different action from what you would expect. For example, when you close a webpage you might receive a pop-up which asks you if you actually want to close the page or remain on it. If it is a clickjacker, the "close" button will also launch another webpage, thus performing an action that you didn't agree to (trust me, opening another webpage is one of the least harmful things that these things can do).

Unfortunately, those who make spyware get smarter with each passing day and since both Chrome and Firefox have proven to be vulnerable to Clickjackers, their potential to take away your time/money/data is quite high. What makes these things so difficult to guard against is that they're perfectly invisible to the regular user and they obfuscate the code inside under multiple layers so that you can only find out what they do by actually running them. Furthermore, certain clickjackers can even trap the less tech savvy users into a loop, coercing them to click a specific button.

To give you a specific example, last year, an extension that worked on Chrome and Mozilla (from the website: WeLikeTheWeb.com) pushed a website recommendation engine which was actually a clickjacker. In theory, the engine was an ad-injector, which most people would hate by default. Basically, marketers pay to people who make ad-injectors to serve you links to their website, then pay them by the click. If the user clicks on a link provided by the software, the people who made the ad-injector get paid (in the case WeLikeTheWeb). However, after some laborious research, the security engineers discovered a script obfuscated within the code which hijacked the link to make a third-party receive the money from the click. What's really alarming is that, because the code is obfuscated, VirusTotal saw absolutely nothing wrong with the file, classifying it as clean.

Keeping yourself safe from click jacking is not very easy as you can encounter this kind of technique anywhere. The only piece of advice I can give you is to be very careful about the freeware that you install, and pay special attention to the additional applications that came bundled with it.

G
Guest
Wow! Thank you very much for the info but how can you tell if a "freeware" program, app, etc. is infected with this type of infection?

Was it helpful?  yes(0) no(0) | Reply
G
Guest
I like this.

Was it helpful?  yes(0) no(0) | Reply
G
Guest
Will virus software detect this on my computer and if not, can virus software eradicate whatever ends up being on my computer that is undesirable?

Was it helpful?  yes(0) no(0) | Reply
G
Guest
If it was circulating on the Internet long enough to be spotted, they will detect it. As for the after effects, you might need an additional tool. I suggest googling the name of whatever infects your PC and see how others got rid of if.

Was it helpful?  yes(0) no(0) | Reply

Referenced Windows applications

COMODO Internet Security
FREE
rating

Award-winning Comodo Firewall and Antivirus protection for PCs. Free for life.

McAfee Internet Security
rating

An Internet security program with various optimization and protection features.

eScan Internet Security for Windows
rating

Heuristics algorithms of eScan antivirus protects your PC from unknown malware.

Author's other posts

How to make your Mac kid-friendly?
Article
How to make your Mac kid-friendly?
A few tips on how to ensure your kids' safety while they're using Macs as well as on how to keep the machine safe from your children.
Samsung's next Galaxy phone is already up for reservations
News
Samsung's next Galaxy phone is already up for reservations
Even though Samsung hasn't announced the price of the upcoming Galaxy phone or its technical specifications, we can already make reservations and be among the first to receive it.
Find out which Android phones will be able to run Fortnite
News
Find out which Android phones will be able to run Fortnite
Curious to see if you'll be able to play the Android version of Fortnite on your phone? Here's the complete list of supported devices.
Facebook is trying out paid subscriptions for Groups
News
Facebook is trying out paid subscriptions for Groups
Facebook may have found a new way to monetize its Groups feature as it's getting ready to start testing paid subscriptions.