Facebook Worm Can Be Created By Exploiting Clickjacking Flaw

Facebook has always been a target for cyber criminals. Especially in 2018, this social media platform suffered several security breaches. Recently a Polish security analyst reported a clickjacking bug which can affect the sharing dialog feature of the Facebook mobile version. However, the vulnerability doesn’t affect the desktop version of Facebook. According to the researcher’s report, cyber criminals can use this vulnerability to develop a nasty Facebook worm. The report further states that the flaw has been abused by a group of hackers in a real-world attack which distributes spam. The hacker group behind this scam posts a link on the Facebook walls of targeted users. The researcher wants Facebook to take the problem seriously and fix it immediately.

What Is Clickjacking And How Is It Used By Crooks?

Clickjacking is an unsafe technique used by cyber criminals which allows them to control the links a user clicks. In other words, using this technique a cyber criminal tricks users into clicking something different from what they believe they are clicking. Using this technique, the publisher of a malicious website can take control of the victim’s device and reveal their confidential information. A clickjack is presented as a form of embedded script or code which gets executed without the user’s consent. This time the cyber criminals are using this flaw to target Facebook users.

Facebook is not the only social media platform attacked using this flaw. Twitter was also attacked by hackers using the same technique last year, in which they tweeted anything without the user’s permission. As published in a security report, cyber criminals use this exploit to present the user with a link which friends’ profiles appear to recommend. The link is titled “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE”. According to users, when they click this link they get redirected to a third-party webpage. That webpage doesn’t contain any message other than “Click here to continue”.

According to the report, whenever a user clicks on this blank page, the click forces that particular link to be added to the user’s list of Likes. The worm remains invisible on the blank page, which is linked to the victim’s Facebook page. As a consequence, the victim’s profile starts recommending that link automatically to their friends as long as they are logged into their Facebook account.
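
The invisible-page trick described above only works if the target page agrees to render inside a frame on another site. The following is an added example, not part of the original article or of any Facebook code: it evaluates the two response headers that control framing, X-Frame-Options and the CSP frame-ancestors directive. The function names are illustrative assumptions.

```javascript
// Added example (not from the original article). Decides whether a response
// may be rendered inside a frame on an unrelated third-party page, which is
// the precondition for clickjacking.

// Source list of the frame-ancestors directive in one policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// True if the source list lets any origin embed the page.
function allowsAnyOrigin(sources) {
  return sources.some((s) => s === '*' || s === 'http:' || s === 'https:');
}

// headers: plain object of response headers (names matched case-insensitively).
function framingVerdict(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Several policies may arrive comma-joined; every one of them is enforced.
  const lists = (h['content-security-policy'] || '')
    .split(',').map((p) => frameAncestors(p)).filter((l) => l !== null);
  if (lists.length > 0) {
    // When frame-ancestors is present it decides and X-Frame-Options is ignored.
    // An empty list or 'none' matches nothing; a host list admits only those hosts.
    return lists.every((l) => allowsAnyOrigin(l))
      ? { framable: true, reason: 'frame-ancestors allows any origin' }
      : { framable: false, reason: 'frame-ancestors restricts embedding' };
  }

  // Fallback header. ALLOW-FROM is obsolete and ignored by current browsers.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, reason: 'X-Frame-Options ' + xfo };
  }
  return { framable: true,
    reason: xfo ? 'X-Frame-Options value not enforced' : 'no framing control sent' };
}
```

A page that returns `framable: true` here can be loaded invisibly under a decoy such as the “Click here to continue” page, so a sensitive action like a share or Like dialog should send one of the restricting headers.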

Important Tips To Safeguard Facebook Account

Security breaches have become an unfortunate part of Facebook. Therefore it is important to stay alert to protect your confidential information on Facebook. Here’s what you can do as prevention:

  • Do not click on links which you get from unknown users. Such links are usually sent by scammers to collect your personal data.
  • Reset your Facebook password. You should change your Facebook password regularly and choose a strong password.
  • Always check your Facebook settings to conduct a device audit. To do that, go to Settings, then the Security and Login tab. Here you can see when you logged into Facebook.
  • Check the apps and sites which require Facebook login. Remove any app which uses Facebook login if it appears suspicious.
