Ethical Hacking News
A new type of clickjacking attack known as "DoubleClickjacking" has been discovered that exploits double-clicks to hijack user accounts. It bypasses existing protections against similar attacks, which makes it hard for users and security professionals alike to detect.
Cybersecurity experts have warned about a new type of clickjacking attack called "DoubleClickjacking" that exploits double-clicks to hijack user accounts. Clickjacking occurs when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements. The new DoubleClickjacking attack bypasses existing protections against similar attacks by exploiting the timing of mouse double-clicks. Users are exposed to this attack when interacting with seemingly innocuous buttons or prompts and should be cautious when performing sensitive actions. To combat this threat, users can keep software up to date and use the latest web browser security features, and site owners can add JavaScript that disables sensitive buttons until a genuine gesture is made.
Cybersecurity experts have recently warned about a new type of clickjacking attack known as "DoubleClickjacking" that exploits double-clicks to hijack user accounts. This type of attack is particularly dangerous because it bypasses existing protections against similar attacks, making it challenging for users and security professionals alike to detect.
Clickjacking, also known as UI redressing, occurs when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements. The attackers typically use a technique called "iframe overlaying," where they overlay a legitimate webpage in a hidden iframe over a web page created by the attacker. This allows them to entice users into clicking on links or buttons, which may perform malicious actions such as authorizing an OAuth application to connect to their account or accepting an MFA request.
The new DoubleClickjacking attack differs from traditional clickjacking in that it exploits the timing of mouse double-clicks to trick users into performing sensitive actions. The attackers create a website with a seemingly innocuous button that prompts the user to view a reward or watch a movie. When the visitor clicks the button, a new window is created that covers the original page and includes another lure, such as a captcha to solve. In the background, JavaScript on the original page navigates it to the legitimate site on which the attackers want the user to perform an action.
The key to this attack lies in the use of the mousedown event, which triggers the creation of the new window. When the visitor double-clicks, the second click lands on the authorization button or link of the legitimate page that was hidden a moment earlier and is now displayed, potentially performing an unauthorized action. This bypasses current clickjacking defenses because it does not use an iframe and involves no passing of cookies to another domain.
According to cybersecurity expert Paulos Yibelo, this attack affects almost every site, and his demonstration videos show successful takeovers of Shopify, Slack, and Salesforce accounts. Furthermore, the researcher warns that the attack is not limited to web pages but can also be used against browser extensions, enabling threats such as authorizing web3 transactions or disabling VPNs to expose IP addresses.
To combat this threat, Yibelo has shared JavaScript code that can be added to webpages to disable sensitive buttons until a genuine user gesture is made. This prevents the second click of the double-click from activating the authorization button at the moment the attacker's overlay is removed. Additionally, he suggests a potential HTTP header that limits or blocks rapid context-switching between windows during a double-click sequence.
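A gesture gate along the lines Yibelo describes, written here as an added example for this article rather than his published snippet: it assumes sensitive controls carry a `data-sensitive` attribute (an assumed marker) and includes a constructed stand-in for `document` so it runs outside a browser.

```javascript
// Gesture gate: sensitive controls start disabled and are re-enabled only after
// a genuine gesture (pointer movement or a key press) on this page. A bare
// click, all that the second press of a double-click delivers to a page revealed
// an instant earlier, does not unlock them. `[data-sensitive]` is an assumed marker.
function createGestureGate(doc, selector = "[data-sensitive]") {
  const buttons = Array.from(doc.querySelectorAll(selector));
  let unlocked = false;
  for (const b of buttons) b.disabled = true;
  function unlock() {
    if (unlocked) return;
    unlocked = true;
    for (const b of buttons) b.disabled = false;
  }
  // mousedown/click deliberately do not unlock; that is the event the attack delivers.
  doc.addEventListener("mousemove", unlock, { once: true });
  doc.addEventListener("keydown", unlock, { once: true });
  return { isUnlocked: () => unlocked };
}

// Constructed stand-in for `document` so the gate runs offline in Node (in a browser, pass the real `document`).
function makeFakeDoc(count = 2) {
  const listeners = {};
  // click() reports whether the press would reach a handler (i.e. the button is not disabled).
  const makeButton = () => ({ disabled: false, click() { return !this.disabled; } });
  const buttons = Array.from({ length: count }, makeButton);
  return {
    buttons,
    querySelectorAll: () => buttons,
    addEventListener(type, fn, opts) {
      (listeners[type] = listeners[type] || []).push({ fn, once: !!(opts && opts.once) });
    },
    dispatch(type) {
      const fired = listeners[type] || [];
      listeners[type] = fired.filter((l) => !l.once);
      fired.forEach((l) => l.fn());
    },
  };
}

// Replays the sequence from the article: the just-revealed page receives the
// victim's second click before any gesture on it, then a real gesture follows.
function simulate() {
  const doc = makeFakeDoc();
  const gate = createGestureGate(doc);
  const secondClickTook = doc.buttons[0].click(); // false: still disabled
  doc.dispatch("mousemove");                       // genuine gesture on the page
  const laterClickTook = doc.buttons[0].click();   // true
  return { secondClickTook, laterClickTook, unlocked: gate.isUnlocked() };
}
```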
In light of this new threat, it has become crucial for users and security professionals to take measures to protect themselves against DoubleClickjacking attacks. This includes being cautious when interacting with seemingly innocuous buttons or prompts, keeping software up-to-date, and utilizing the latest web browser security features.
Related Information:
https://www.bleepingcomputer.com/news/security/new-doubleclickjacking-attack-exploits-double-clicks-to-hijack-accounts/
Published: Thu Jan 2 15:34:28 2025 by llama3.2 3B Q4_K_M