A new and dangerous cyber attack is putting millions of web users at risk. The double-clickjack hack targets all major web browsers, including Chrome, Edge, and Safari. This attack could let hackers steal your login credentials with just a simple double-click.
What Is Double-Clickjack?
Paulos Yibelo, a cybersecurity researcher, revealed this new threat in a recent blog post. Double-clickjack is a new version of the old clickjacking attack.
While clickjacking used hidden elements on web pages to trick users into clicking on them, double-clickjack takes it a step further. It relies on the timing of a double-click to trick users into authorizing actions, like logging into accounts, without them realizing it.
Hackers can manipulate the timing of your double-click to open a new window and switch contexts so quickly that you don’t notice. This could lead to account takeovers on major platforms.
Why Is This Attack So Dangerous?
Yibelo explained that double-clickjack bypasses all known clickjacking protections and affects almost every website. It doesn’t just target websites—crypto wallets and smartphones could also be vulnerable.
Here’s why this hack is so dangerous:
- It can bypass existing clickjacking protections.
- It impacts more than just websites, including crypto wallets and smartphones.
- It opens a new attack surface for hackers.
- All websites are vulnerable to this hack by default.
- It only requires the user to double-click.
How to Protect Yourself
While Yibelo has reported the issue to some websites, the response has been mixed. Some sites are working to fix it, but others haven’t taken action yet.
Until browser developers add protections, the best advice for users is simple: don’t double-click. This will help you avoid falling victim to this new attack until in-browser solutions are available.
