I don’t like – Facebook Clickjacking and track screen cursors

A misleading script that inflates the number of "I like" clicks and an invasive technology to track screen cursors are threatening Facebook users.

Social media are money machines, and the interest of private companies, governments and cybercrime in them is increasing exponentially. Security experts are observing an alarming trend: a growing number of subjects are spending great effort to commercialize advertising campaigns and sell "likes" on the principal social platforms by exploiting borderline methods.

Recently, packets of "Likes" have been sold in the underground at prices higher than those of credit cards; it is a prolific business that is fueling criminal activities on social networks. It is quite easy to find on the Internet messages that offer services to increase visibility on social media in a short time. The following are typical statements used to promote the business:

"Do you want to increase your popularity?" "Do you want to grow the number of likes for your Facebook profile?"

A dirty method to reach this goal is widespread: attackers hide the "I like" button in a trivial way, forcing the action when users roll over the hidden content with the mouse. Facebook users who are logged in only have to click once and they will automatically like the Facebook page. This simple action makes it possible to share with the victims the information posted on the page in their News Feed, and of course all the victim's friends will be notified that he likes the page.

The abuse of the Like Button social plugin, combined with CSS hiding and JavaScript repositioning, allows attackers to increase the likes for their pages.

The technical details:

The Like button is usually embedded in a wrapper div element (e.g. id="wrapper" in the following figure) containing an iframe that loads the Facebook Like button.

When the user moves the mouse over the parent element of <div id="wrapper">, which in most cases is the <body> tag, an anonymous JavaScript function is called that modifies the CSS of the wrapper so that it sits under the mouse pointer.

To hide the presence of the Like button, the wrapper is made transparent with the proper settings in its CSS properties:

  • opacity: 0;
  • filter: alpha(opacity = 0);
  • -ms-filter: 'progid:DXImageTransform.Microsoft.Alpha(Opacity=0)';

In the following example, found in the wild, the code is easily recognizable; security experts believe that in the future attackers will implement more obfuscation techniques to hide the trick.

According to data provided by VirusTotal, the behavior known as JS:Clickjack-* has a very low detection ratio; the samples provided by the portal are:
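Since signature-based detection of this pattern is weak, a static heuristic check over page markup can flag the combination described above (Like plugin iframe, invisible wrapper, mousemove repositioning). The following scanner is an added example written for this article, not code from the article, from Facebook or from any antivirus vendor; the two sample pages and PLACEHOLDER_URL are constructed fixtures.

```javascript
// Static heuristic scanner for the likejacking markup pattern described above:
// a Facebook Like plugin iframe inside a wrapper that CSS makes invisible
// (opacity: 0 / alpha filter) and that a script repositions on mousemove.
// Runs under Node.js on an HTML string; no DOM library needed.
const LIKE_IFRAME_RE = /<iframe\b[^>]*\bsrc=["'][^"']*facebook\.com\/plugins\/like[^"']*["'][^>]*>/i;
const HIDDEN_CSS_RE = /opacity\s*:\s*0(?![.\d])|alpha\(\s*opacity\s*=\s*0\s*\)/i;
const MOUSEMOVE_RE = /\bonmousemove\b|addEventListener\(\s*["']mousemove["']/i;

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Text of every <script> element plus every inline on*="..." handler.
function scriptText(html) {
  const blocks = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)].map(m => m[1]);
  const handlers = [...html.matchAll(/\bon\w+\s*=\s*["']([^"']*)["']/gi)].map(m => m[1]);
  return blocks.concat(handlers).join('\n');
}

function scanForLikejacking(html) {
  const report = { likeIframe: false, wrapperId: null, hiddenWrapper: false,
                   followsCursor: false, suspicious: false };
  const iframe = html.match(LIKE_IFRAME_RE);
  if (!iframe) return report;
  report.likeIframe = true;
  // The nearest opening tag before the iframe that carries an id is taken as the wrapper.
  const tags = [...html.slice(0, iframe.index).matchAll(/<\w+\b[^>]*\bid=["']([^"']+)["'][^>]*>/gi)];
  if (tags.length === 0) return report;
  const wrapper = tags[tags.length - 1];
  report.wrapperId = wrapper[1];
  // Wrapper CSS = its inline style plus any #id rule found in <style> blocks.
  const inline = wrapper[0].match(/\bstyle=["']([^"']*)["']/i);
  const rule = html.match(new RegExp('#' + escapeRe(wrapper[1]) + '\\s*\\{([^}]*)\\}', 'i'));
  report.hiddenWrapper = HIDDEN_CSS_RE.test((inline ? inline[1] : '') + '\n' + (rule ? rule[1] : ''));
  // A mousemove handler whose script code references the wrapper id suggests it is dragged under the cursor.
  report.followsCursor = MOUSEMOVE_RE.test(html) && scriptText(html).includes(wrapper[1]);
  report.suspicious = report.hiddenWrapper && report.followsCursor;
  return report;
}

// Constructed samples (PLACEHOLDER_URL stands in for the liked page; not real sites).
const SUSPICIOUS_PAGE = `<html><head><style>#wrapper{position:absolute;opacity:0;filter:alpha(opacity=0)}</style>
<script>function follow(e){var w=document.getElementById('wrapper');w.style.left=e.pageX+'px';w.style.top=e.pageY+'px';}</script>
</head><body onmousemove="follow(event)"><div id="wrapper"><iframe src="https://www.facebook.com/plugins/like.php?href=PLACEHOLDER_URL"></iframe></div></body></html>`;
const BENIGN_PAGE = `<html><body><div id="social" style="float:right"><iframe src="https://www.facebook.com/plugins/like.php?href=PLACEHOLDER_URL"></iframe></div></body></html>`;

console.log(scanForLikejacking(SUSPICIOUS_PAGE).suspicious, scanForLikejacking(BENIGN_PAGE).suspicious); // true false
```

A visible Like button with a normal wrapper is reported but not flagged, so the check can run over crawled pages without drowning in false positives; obfuscated scripts, as the text anticipates, would need a DOM-level check in a real browser instead.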

A frightening abuse of the technique could be the diffusion of links to malicious domains that serve malware: attackers could spread links to exploit kits in other Facebook users' news feeds and convince the victims to click them with social engineering.

Another concern is the age of the FB users that adopt the described technique: youngsters make large use of the above script to increase their popularity on Facebook.

But the threats to Facebook users aren't finished. The revelations about the PRISM surveillance program disclosed the collaboration of the social media giant with the NSA, which caused a fall in netizens' trust in the FB brand. New dark clouds are on the horizon for FB users' privacy: rumors are circulating on the Internet regarding new features that Facebook wants to deploy. According to the Wall Street Journal, the social networking platform is testing a new feature that would allow it to track the user's cursor on screen. Where the user moves the cursor and for how long, Facebook will know it, and it will also see whether a user's news feed is visible at any given moment on their mobile devices.

Facebook's analytics chief, Ken Rudin, declared that the acquired information could be used for a nearly endless range of purposes, including product development or more precise advertisement targeting … Nothing more.

Let's remember that Facebook already collects an impressive amount of data about its users and has the technology to archive and process it in a sophisticated and efficient way … Do we really want to give up our privacy to be part of the "carnivorous" network?

Will Facebook be able to protect that data from intrusive government requests and bold cybercriminals?

We must be prepared … social media are a paradise for hackers and snoops.

Pierluigi Paganini

(Security Affairs – Facebook, I like script)

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC-Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".