Understanding Clickjacking
Understanding DoubleClickjacking
DoubleClickjacking is a variant of clickjacking in which the attacker's page shows a harmless-looking prompt, typically a fake CAPTCHA, that asks the visitor to double-click. The first click is all the attacker needs: on its mousedown event, malicious JavaScript swaps what sits under the cursor, closing the prompt window and navigating the page beneath it to the genuine target site, for example an OAuth authorization page whose "Allow" button is positioned exactly where the user is clicking. The second click of the double-click then lands on that real button, so the user unknowingly approves the action and grants the attacker access to the account or its data.
Implications and Risks
This makes the technique especially dangerous: no iframe is involved and the second click is a genuine, first-party click on the real site, so existing clickjacking defenses such as X-Frame-Options, the CSP frame-ancestors directive, and SameSite cookies do not help. Paulos Yibelo, who published the technique, showed that it works against platforms such as Shopify, Slack, and Salesforce. It can also be turned against browser extensions, for example to approve unauthorized Web3 wallet transactions or to disable a VPN extension and leak the user's IP address. Mobile devices are not safe either; a double tap on the targeted element fires the same attack.
Protective Measures
Yibelo recommends a client-side JavaScript mitigation: sensitive buttons are disabled by default and only enabled once the page detects a deliberate user gesture, such as a mouse movement or a key press. Because the victim's pointer never moves over the swapped-in page between the two clicks, the second click then hits a disabled control. He also suggests that browsers adopt a built-in protection against rapid context switching during a double-click. Users should be wary of unknown sites that ask them to double-click and should not follow every prompt that comes their way.
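The following is an added example of that gating idea, written for this page; it is not Yibelo's snippet or any platform's production code. The guard logic is kept free of DOM calls so the two scenarios can be replayed under Node, and the browser wiring at the bottom disables controls marked with an assumed `data-sensitive` attribute until a mousemove or keydown is seen on the current document. The event sequences are constructed for the illustration, not captured from a real attack.

```javascript
// Added example (not from the original post or from Yibelo's writeup): gate
// sensitive buttons behind a deliberate user gesture so that a click landing on
// a freshly swapped-in page is ignored. The attribute name "data-sensitive" and
// the event sequences below are assumptions made for this illustration.

// Pure guard logic, kept free of DOM calls so it can be exercised outside a browser.
function createGestureGuard() {
  let gestureSeen = false;
  return {
    // A mousemove or keydown on THIS document: the user is really interacting with it.
    markGesture() { gestureSeen = true; },
    // A click is only honoured after such a gesture has been observed.
    shouldAllowClick() { return gestureSeen; },
  };
}

// Replay a sequence of browser events as the target site would see them.
// 'load' models a (new) document being loaded, which starts with a fresh,
// disarmed guard: nothing that happened on the attacker's page carries over.
function runScenario(events) {
  let guard = createGestureGuard();
  const clickOutcomes = [];
  for (const ev of events) {
    switch (ev) {
      case 'load':
        guard = createGestureGuard();
        break;
      case 'mousemove':
      case 'keydown':
        guard.markGesture();
        break;
      case 'click':
        clickOutcomes.push(guard.shouldAllowClick() ? 'allowed' : 'blocked');
        break;
      default:
        throw new Error(`unknown event: ${ev}`);
    }
  }
  return clickOutcomes;
}

// Constructed sequences (not captured traffic).
// DoubleClickjacking, from the target site's point of view: the authorization
// page loads between the victim's first and second click, and the pointer does
// not move before the second click arrives.
const DOUBLECLICKJACKING_SEQUENCE = ['load', 'click'];
// Normal use: the user moves onto the button, or tabs to it, before clicking.
const LEGITIMATE_MOUSE_SEQUENCE = ['load', 'mousemove', 'click'];
const LEGITIMATE_KEYBOARD_SEQUENCE = ['load', 'keydown', 'click'];

// Browser wiring: disable every [data-sensitive] control until the guard arms.
// Only runs when a DOM is present, so this file is also loadable under Node.
function installGestureGuard(doc) {
  const guard = createGestureGuard();
  const controls = Array.from(doc.querySelectorAll('[data-sensitive]'));
  controls.forEach((c) => { c.disabled = true; });
  const arm = () => {
    guard.markGesture();
    controls.forEach((c) => { c.disabled = false; });
  };
  doc.addEventListener('mousemove', arm, { once: true });
  doc.addEventListener('keydown', arm, { once: true });
  // Second line of defence: even if the disabled attribute is removed by other
  // scripts, swallow clicks on sensitive controls that the guard has not approved.
  doc.addEventListener('click', (e) => {
    const target = e.target && e.target.closest ? e.target.closest('[data-sensitive]') : null;
    if (target && !guard.shouldAllowClick()) {
      e.preventDefault();
      e.stopImmediatePropagation();
    }
  }, true);
  return guard;
}

if (typeof document !== 'undefined') {
  installGestureGuard(document);
}
```

Two caveats for anyone deploying this. It is a client-side stopgap: it relies on the hijacked second click arriving without any preceding gesture on the new document, and on touch devices there is no hover movement at all, so a tap-based variant needs a different signal (for example, a confirmation step rather than a single button). And the guard must be created per document load; any state carried across navigations (say, in storage) would defeat the point, because the gesture that armed it happened on the attacker's page.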
Conclusion
DoubleClickjacking is a new variant of clickjacking, a UI redressing attack rather than malware, that leverages an everyday user habit, the double-click, to obtain authorizations the user never meant to give. Awareness of the technique and implementation of the recommended mitigations are key steps toward protection against this emerging threat.