Cyber criminals always exploit any opportunity to make profits, news of the day is they are abusing of the legitimate European Cookie Law notices in clever clickjacking campaign.
The clickjacking campaign recently discovered exploits pop-up alerts that the European Cookie Law is requesting to show to the websites’ visitors.
European websites have to request explicit consent to the users to place a cookie on their computer for commercial purposes, the request is made by displaying a notification pop-up .
Cyber criminals are exploiting the pop-up by placing a legitimate ad banner on top of the message via an iframe. The crooks deceive the websites’ visitors by using an invisible ad, this is possible by setting the opacity of the frame to zero.
This implies that every time users click on the fake pop-up notification are not aware that they are also clicking on the ad hidden in the message.
“The rogue actors behind this fraudulent activity are cleverly leveraging a European law on the use of cookies to seemingly prompt visitors to answer a question.” states a blog post published by Malwarebytes. “While simple, this technique, also known as clickjacking, is pretty effective at generating clicks that look perfectly legitimate and performed by real human beings as opposed to bots.”
“This is costing advertisers and ad networks a lot of money while online crooks are profiting from bogus Pay Per Click traffic.”
The specific clickjacking campaign observed by Malwarebytes is not dangerous for the visitors, but cybercriminals could also exploit the same technique to trick users into clicking on malicious links, redirecting victims on malware hosting exploit kits.
(Security Affairs – clickjacking , European Cookie Law)
Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware…
Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote…
Raccoon Infostealer operator Mark Sokolovsky was sentenced to 60 months in US prison and ordered…
Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after…
Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information…
This website uses cookies.