Facebook clickjacking attack spreads


A new clickjacking attack has targeted Facebook users. It presents itself in the form of a comment on the user's account that looks like this:

The photos are, obviously, randomly changed. The link takes you to a page where you are asked to click on the blue button to continue to your destination:

The blue button is actually the “Share” button on your Facebook page, so by clicking it, you are allowing the same post to be published on your account, tempting your friends to fall for the same scam.

Finally, you are redirected to a YouTube movie that launches some 12 seconds after you clicked on the link, creating the illusion that you accessed the movie only because you correctly passed the “test”.

According to Krzysztof Kotowicz, the attack works only in Firefox and Chrome for now.

Also, for the time being it seems that there is no ulterior motive to the attack other than to get as many people as possible to look at the movie.
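Clickjacking in its usual form depends on the target page (here, the one carrying the "Share" button) being renderable inside a frame on another site. The following added example, which is not from the original article and does not describe Facebook's configuration, shows how a site owner can check whether a response's headers permit such framing; the function names and sample headers are hypothetical, while `X-Frame-Options` and the CSP `frame-ancestors` directive are the standard controls.

```javascript
// Added example: classify whether response headers let another origin frame the page.
// Function names are hypothetical; sample headers below are constructed.

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Returns 'deny', 'same-origin', 'allowlist' or 'frameable'.
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
  const csp = h['content-security-policy'];
  if (csp !== undefined) {
    const sources = parseFrameAncestors(csp);
    if (sources !== null) {
      // An empty source list matches nothing, the same as 'none'.
      if (sources.length === 0) return 'deny';
      if (sources.length === 1 && sources[0] === "'none'") return 'deny';
      // A wildcard or bare scheme lets essentially any site frame the page.
      if (sources.some((s) => ['*', 'http:', 'https:'].includes(s))) return 'frameable';
      if (sources.every((s) => s === "'self'")) return 'same-origin';
      return 'allowlist';
    }
  }

  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return 'deny';
  if (xfo === 'sameorigin') return 'same-origin';
  // ALLOW-FROM is obsolete and ignored by current Chrome and Firefox,
  // so it is reported as unprotected, like a missing or invalid value.
  return 'frameable';
}

// Constructed sample responses for a share-style endpoint.
const samples = [
  { name: 'no headers', headers: {} },
  { name: 'legacy header', headers: { 'X-Frame-Options': 'SAMEORIGIN' } },
  { name: 'csp', headers: { 'Content-Security-Policy': "frame-ancestors 'none'" } },
];
for (const s of samples) console.log(s.name, '->', framingPolicy(s.headers));
```

Any endpoint that performs a state-changing action on a single click and is reported as `frameable` is a candidate for this kind of overlay.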