You will like me, even if you don’t want to - or how to avoid clickjacking

You will like me, even if you don’t want to

Have you ever noticed a friend on social media suddenly liking a video, page or article when that choice does not fit her personality or behavior? A good example would be your cousin from the countryside suddenly liking articles about fashion week in New York. This may lead to two conclusions: either she is now into fashion and wants to be the next supermodel, or she might be a victim of clickjacking and probably never noticed what happened.

However, Clickjacking is not just about fashion week in New York

Most examples of clickjacking are embarrassing, clickbait, or even sex-related. Clickjacking is a technique for tricking web users into clicking on something different from what they think they are clicking on. Technically, it is also called a user interface redress attack.


How does Clickjacking work?

Is it a malware file that hides on my computer and clicks on “like” when I am not watching? Could it be? This time, not really. In this particular version, the bad guys have “infected” web pages so that they run specific JavaScript, which uses the running Facebook session to “like” or “share” posts and pages without the user noticing.

The way it works is quite simple. It counts as a “like” when the user just moves the mouse over a hidden field (not even clicking on it). In the last few days we have noticed a huge number of “ClickJack/AutoLike” infections on BlogSpot pages all around the globe.
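A defender-side sketch of the “hidden field” described above, assuming it is delivered as a transparent cross-origin iframe (the post does not say how the field is hidden): the scanner flags iframes that load from another host and are invisible through their own or an ancestor's inline opacity. It is an added example, not Avira's detection logic; the 0.1 threshold, the function names and the `.example` hosts are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_OPACITY = 0.1  # assumption: at or below this a frame is effectively invisible
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}  # elements with no end tag

def inline_opacity(style):
    """Opacity from an inline style attribute; 1.0 when absent or not a plain number."""
    m = re.search(r"(?:^|;)\s*opacity\s*:\s*([0-9]*\.?[0-9]+)\s*(?:;|$)", style or "", re.I)
    return min(float(m.group(1)), 1.0) if m else 1.0

class HiddenFrameFinder(HTMLParser):  # collects invisible cross-origin iframes
    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.stack = []     # (tag, effective opacity) of every open element
        self.findings = []  # (iframe src, effective opacity)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Opacity compounds down the tree: multiply by the nearest open ancestor's value.
        effective = (self.stack[-1][1] if self.stack else 1.0) * inline_opacity(attrs.get("style"))
        host = urlparse(attrs.get("src") or "").hostname
        if tag == "iframe" and host and host != self.page_host and effective <= MAX_OPACITY:
            self.findings.append((attrs["src"], effective))
        if tag not in VOID:
            self.stack.append((tag, effective))

    def handle_endtag(self, tag):
        open_tags = [t for t, _ in self.stack]
        if tag in open_tags:  # pop back to the matching open tag, tolerating unclosed children
            del self.stack[len(open_tags) - 1 - open_tags[::-1].index(tag):]

def find_hidden_frames(html, page_url):
    finder = HiddenFrameFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page; blog.example, video.example and social.example are placeholders.
SAMPLE = """<body>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<div style="position:absolute; opacity:0.05"><iframe src="https://social.example/like?u=a"></iframe></div>
<iframe src="https://social.example/like?u=b" style="opacity: 0"></iframe>
<iframe src="/local/widget" style="opacity:0"></iframe>
</body>"""

for src, opacity in find_hidden_frames(SAMPLE, "https://blog.example/post"):
    print(f"invisible cross-origin frame: {src} (opacity {opacity:g})")
```

The scanner reads inline `style` attributes only; opacity set from a stylesheet or by script at runtime needs the same check run against the rendered DOM.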

Nevertheless, you do not need to worry about these extra likes

Avira is already checking for those scripts and detecting them as “HTML/Infected.WebPage.Gen2”.

In addition, we have some extra tips and suggestions to completely avoid these kinds of infections:

  • Log out from social media (Facebook, Instagram, ...) when you are not active
  • Check your activity log for unusual activity
  • Stay sharp and aware
  • Control JavaScript (have a No-Script add-on in your browser)
