A research team found almost 440 third-party scripts that intercepted user clicks on over 600 popular websites. It was noted that some of the scripts were used to intercept user clicks and perform clicks on ads to generate additional revenue. Other scripts were used to redirect users to malicious websites. The research team detected the scripts by creating a scanning tool called Observer. This tool scans the top 250,000 sites for the presence of clickjacking scripts that intercept the user clicks. Observer focuses on three fundamental actions that rely on intercept clicks. First, the clickjacker could modify an existing hyperlink on a page. Secondly, it could create a new hyperlink in a page and third, it could register an event handler to an HTML event to hook a user’s click. The websites searched have over 43 million clicks daily.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased