Click attacks have evolved to take advantage of the double-click action of the mouse to trick victims and bypass page protections against these types of threats.
Manipulating the user interface on web pages makes it easier to launch click attacks, which depend on a malicious website to trick the victim into clicking on an element on the screen, with the promise of watching a video or receiving a reward.
Usually, a cybercriminal takes advantage of a legitimate website to mask a website created for malicious purposes and hide buttons and links that trigger malicious actions, such as downloading malware or stealing a credential in a multi-factor authentication system, such as the one for your banking app, which could end up leaving your account at zero.
This type of attack is not new in the cyber threat landscape, and, in fact, over time, web browsers have implemented measures to identify and protect users from click attacks.
However, this type of attack has evolved, as cybersecurity researcher Paulos Yibelo has warned: now, instead of a click, the mouse’s double-click sequence is used.
The premise remains the same: trick the victim into clicking on a website element (a video), which hides a button or link that actually triggers a malicious action. Only this time, it opens a new screen, for example, with a captcha that asks you to double click to solve it.
What happens, as the researcher explains, is that the attack takes advantage of the time between the start of the first click and the completion of the second to introduce a new virus, which is where the user’s last click will ultimately fall.
“One of the surprising things about doing it this way is that it doesn’t matter how slow or fast the target double-click is. Favoring the mousedown event handler allows you to exploit this even for faster or slower double clicks,” Yibelo notes on his blog.
For this researcher, this is a significant threat because it requires hardly anything from the user (just a double click), and it is not limited to web pages: the technique can also be used in browser extensions.
He also points out its ability to bypass protections against one-click attacks, and warns that any website is vulnerable to this threat.
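For site owners, the timing gap described above suggests a client-side check: ignore clicks on sensitive buttons that arrive right after the page comes to the foreground with no pointer movement or key press in between. The following JavaScript is an added example, not code from the article or from Yibelo's blog; the function names, the `data-sensitive` attribute and the 500 ms settle time are assumptions.

```javascript
// Added example: guard for sensitive buttons. Names and thresholds are assumptions.
function createClickGuard(settleMs = 500) {
  let shownAt = null;   // when this page last came to the foreground
  let gestureAt = null; // last pointer move or key press seen since then
  return {
    // Call when the page gains focus or becomes visible; resets trust.
    noteShown(t) { shownAt = t; gestureAt = null; },
    // Call on pointermove/keydown inside this page.
    noteGesture(t) { if (shownAt !== null && t >= shownAt) gestureAt = t; },
    // A click is accepted only after a gesture AND a settle period.
    allows(t) {
      if (shownAt === null || gestureAt === null) return false;
      return t - shownAt >= settleMs && gestureAt <= t;
    },
  };
}

// Replays a constructed event list and returns one verdict per click.
function replay(events, settleMs = 500) {
  const guard = createClickGuard(settleMs);
  const verdicts = [];
  for (const e of events) {
    if (e.type === 'shown') guard.noteShown(e.t);
    else if (e.type === 'gesture') guard.noteGesture(e.t);
    else if (e.type === 'click') verdicts.push(guard.allows(e.t));
  }
  return verdicts;
}

// Constructed timelines, times in milliseconds.
// Second half of a double click landing just after the page is foregrounded:
const hijackedSecondClick = [{ type: 'shown', t: 0 }, { type: 'click', t: 120 }];
// A user who moves the pointer to the button and then clicks:
const deliberateClick = [
  { type: 'shown', t: 0 }, { type: 'gesture', t: 400 }, { type: 'click', t: 900 },
];

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== 'undefined') {
  const guard = createClickGuard();
  const now = () => performance.now();
  guard.noteShown(now());
  window.addEventListener('focus', () => guard.noteShown(now()));
  document.addEventListener('visibilitychange', () => {
    if (!document.hidden) guard.noteShown(now());
  });
  document.addEventListener('pointermove', () => guard.noteGesture(now()));
  document.addEventListener('keydown', () => guard.noteGesture(now()));
  document.addEventListener('click', (ev) => {
    const sensitive = ev.target.closest('[data-sensitive]');
    if (sensitive && !guard.allows(now())) { ev.preventDefault(); ev.stopPropagation(); }
  }, true); // capture phase, so the guard runs before the button's own handler
}
```

The check complements framing protections rather than replacing them, and the settle time trades a short delay for legitimate users against the double-click window.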