Did You Know Double Clickjacking Can Allow Hackers to Hijack Your Accounts Even without Your Knowledge?
According to Paulos Yibelo, a security researcher and bug hunter, double clicking certain buttons in your browser can let hackers hijack your account. These attacks are termed “clickjacking”: hackers swap web pages without the user noticing, then get victims to unknowingly authorize money transfers or give access to their bank accounts. At first, hackers relied on single-click hijacks, but the technology has advanced and browsers no longer have the cross-site cookies that used to be a source of hacking. So hackers have now turned to double-click hijacks, which open the door to UI manipulation attacks too.
Hackers carry out clickjacking by showing users a phishing site with a common CAPTCHA notification that asks them to verify they are human by double clicking on it. In the background, the hackers add functionality that takes the victim to a sensitive page. When the victim makes a single click, it closes the top window and reveals another page. When the victim completes the double click, it reveals the sensitive page, which approves authorization, gives permissions and completes all other actions. Your clicking speed doesn't matter, because hackers keep up with any speed and do everything quickly without anyone knowing.
Double clickjacking can also be used against API permissions and OAuth, which can let hackers make account changes such as transferring money, disabling security settings and confirming transactions on the account. Hackers can also use this technique to attack browser extensions, and can even open more sensitive windows without the victim knowing.
Disable all your critical buttons by default and keep your browsers updated to keep your accounts safe from any kind of hacking attempt.
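One way a site could apply the "disable critical buttons by default" advice, as an added example that is not code from the article or the researcher: buttons stay disabled until the user moves the mouse or presses a key on the focused page. The `data-critical` attribute, the function name, the choice of gestures and the 500 ms delay are all assumptions of this example.

```javascript
// Added example, not code from the article or the researcher.
// Assumed names: the data-critical attribute, protectCriticalButtons, delayMs.
function protectCriticalButtons(doc, win, opts = {}) {
  const delayMs = opts.delayMs ?? 500;         // assumed grace period
  const now = opts.now ?? (() => Date.now());  // injectable clock for tests
  const buttons = Array.from(doc.querySelectorAll('[data-critical]'));
  let lockedAt = 0;

  // Disabled is the default state: a click that lands the instant the page
  // is revealed hits a disabled control and does nothing.
  function lock() {
    lockedAt = now();
    for (const b of buttons) b.disabled = true;
  }

  // Enable only on a gesture made while this page has focus, and only after
  // it has been in front for delayMs, so the second click of a double click
  // cannot activate a button on a page that was just revealed.
  function onGesture() {
    if (!doc.hasFocus() || now() - lockedAt < delayMs) return false;
    for (const b of buttons) b.disabled = false;
    return true;
  }

  lock();
  doc.addEventListener('mousemove', onGesture);
  doc.addEventListener('keydown', onGesture);
  // Re-lock when another window takes focus, when focus comes back (this
  // restarts the timer), and when the tab is hidden.
  win.addEventListener('blur', lock);
  win.addEventListener('focus', lock);
  doc.addEventListener('visibilitychange', () => { if (doc.hidden) lock(); });
  return { lock, onGesture };
}

// In a browser, load this script at the end of <body>; skipped elsewhere.
if (typeof document !== 'undefined') {
  protectCriticalButtons(document, window);
}
```

Ship the buttons with the `disabled` attribute already set in the HTML so they are inert before the script runs.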
