Click hijacking, also known as clickjacking, is typically generated by malware hidden within an app which is hardly detectable by general users. This malware is discreetly placed inside apps by bad actors, competing ad networks, or other fraudsters who are attempting to perform a range of malicious acts – from stealing the last-click attribution during an app installation process, to redirecting users to harmful websites.
There are various known ways attackers approach users for click hijacking. Most often, attackers use overlay-based techniques to enclose malicious sources in an invisible frame and deceive users into clicking on certain areas of a page. Below are some of the most common methods of click hijacking:
Attackers can overlay a transparent, legitimate page on top of a page containing malicious sources, disguising the malware. Users are tricked into thinking that the page is safe, but when clicked on, they are redirected to the malicious source underneath.
Attackers can take control of a user’s cursor by positioning it to a different element than the one the user was intending to click on. By manipulating the cursor’s movement and taking it to incorrect positions, users are prone to click on the embedded malware to be taken to the wrong space.
Click hijacking can be used as a type of attribution fraud in mobile marketing. When the malware hidden within an app detects a legitimate click, it intercepts immediately and sends a false click report. This report hijacks the original click and the install following it, making it seem like the false click was the last click received. By taking advantage of the last-touch model, fraudsters who distributed the false click report are able to take credit for the install.
Apart from these techniques, there are numerous possible approaches attackers can take to infiltrate user activity, depending on the desired end-action.
Due to constantly developing malware interfaces, it is impossible to completely eradicate or block click hijacking attacks. However, here are some ways to protect your user safety and minimize the chances of experiencing these attacks:
X-Frame-Options is an HTTP response header that specifies whether a page can be rendered in a frame. By denying the option to allow rendering, you can prevent your webpage from being embedded into malicious frames that can bait you.
For mobile marketers, regularly keeping track of your analytics data can help you identify click hijacking attacks that are falsely taking attribution for an install. When monitoring the data, if there are records of clicks happening immediately after a certain click, this may be a sign of click hijacking.
MMPs such as Airbridge provides fraud detection and protection services that prevents your app from experiencing malware attacks like click hijacking. With Airbridge, you can personalize your fraud protection rules to align them with your business’s needs and safety regulations.
