Facebook Users Fall Victim To ‘Likejacking’ Attacks

Attackers have updated a clickjacking attack targeting Facebook users that Sophos has dubbed “likejacking.”

During Memorial Day weekend in the US, a clickjacking worm roped in hundreds of thousands of Facebook members with messages such as “The Prom Dress That Got This Girl Suspended From School.” This time, however, the attackers are using a new set of lures, including a promise of naked pictures of rock singer Hayley Williams of the band Paramore and teen pop singer Justin Bieber’s phone number.

Link spreads virally

Clicking on the links takes Facebook users to a third-party site with a message that reads, “Click here to continue if you are 18 years of age or above.” Wherever the visitor clicks on the site, the mouse click is hijacked, forcing a click on a button that tells Facebook they “like” the webpage. This gets published on the person’s Facebook page and shared with their friends, spreading the link virally.

The attacks using references to Bieber and Williams are only two examples. Others include a link targeting World Cup enthusiasts that prompts the visitor to install what purports to be an “HD Flash TV plugin”; a link for a site claiming to be about the BP oil spill; and another claiming to be about the movie “Shrek Forever After.”

So far, the attackers don’t seem to be doing anything malicious other than disrupting users’ Facebook accounts. However, attackers could always take it a step further, noted Sophos Senior Technology Consultant Graham Cluley.

“The number of attacks appears to be increasing as more people discover just how easy this is to do, and there’s a real danger that things could turn more malicious,” Cluley said.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
