Click hijacking
Click hijacking is an attack in which a user’s legitimate click is intercepted by a fraudulent party. By hijacking the user's activity and interrupting the original course of action of the legitimate click, attackers are able to trick users into performing other, unwanted actions.

What is click hijacking? 

Click hijacking, also known as clickjacking, is typically carried out by malware hidden within an app, where general users can hardly detect it. Bad actors, competing ad networks, or other fraudsters discreetly place this malware inside apps to perform a range of malicious acts, from stealing the last-click attribution during an app installation process to redirecting users to harmful websites.

How does it work?

Attackers have various known ways of carrying out click hijacking. Most often, they use overlay-based techniques to enclose malicious sources in an invisible frame and deceive users into clicking on certain areas of a page. Below are some of the most common methods of click hijacking:

Transparent overlays 

Attackers can overlay a transparent, legitimate page on top of a page containing malicious sources, disguising the malware. Users are tricked into thinking that the page is safe, but when they click on it, they are redirected to the malicious source underneath.

Cursor jacking

Attackers can take control of a user’s cursor by positioning it over a different element than the one the user intended to click on. Because the cursor’s movement is manipulated and it ends up in the wrong position, users are prone to clicking on the embedded malware and being taken to the wrong place.

Fraudulent click reports 

Click hijacking can be used as a type of attribution fraud in mobile marketing. When the malware hidden within an app detects a legitimate click, it immediately intercepts the click and sends a false click report. This report hijacks the original click and the install following it, making it seem like the false click was the last click received. By taking advantage of the last-touch model, the fraudsters who sent the false click report are able to take credit for the install.

Apart from these techniques, there are numerous possible approaches attackers can take to infiltrate user activity, depending on the desired end-action. 

How to prevent click hijacking 

Due to constantly developing malware interfaces, it is impossible to completely eradicate or block click hijacking attacks. However, here are some ways to protect your users and minimize the chances of experiencing these attacks:

Use X-Frame-Options

X-Frame-Options is an HTTP response header that specifies whether a page can be rendered in a frame. By denying permission to render the page in a frame, you can prevent your webpage from being embedded into malicious frames that are used as bait.

Monitor your analytics data  

For mobile marketers, regularly keeping track of your analytics data can help you identify click hijacking attacks that are falsely taking attribution for an install. When monitoring the data, if there are records of clicks happening immediately after a certain click, this may be a sign of click hijacking. 
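
The check described above can be run over an exported click log. The following is an added example, not code from Airbridge or any MMP: the record layout, the network names, and the 5-second window are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample click log: (timestamp, device_id, source, app_id)
CLICKS = [
    ("2024-05-01T10:00:00", "dev-A", "network-1", "app.example"),
    ("2024-05-01T10:00:01", "dev-A", "network-9", "app.example"),  # 1 s later, other source
    ("2024-05-01T10:05:00", "dev-B", "network-1", "app.example"),
    ("2024-05-01T11:30:00", "dev-B", "network-2", "app.example"),  # 85 min later: normal
    ("2024-05-01T12:00:00", "dev-C", "network-1", "app.example"),
    ("2024-05-01T12:00:02", "dev-C", "network-9", "app.example"),  # 2 s later, other source
    ("2024-05-01T12:10:00", "dev-D", "network-9", "app.example"),  # standalone click
]

def find_shadow_clicks(clicks, window=timedelta(seconds=5)):
    """Return clicks that follow a click from a different source on the
    same device and app within `window` (assumed threshold)."""
    by_target = defaultdict(list)
    for ts, device, source, app in clicks:
        by_target[(device, app)].append((datetime.fromisoformat(ts), source))
    flagged = []
    for (device, app), events in by_target.items():
        events.sort()  # chronological order per device/app pair
        for (prev_ts, prev_src), (ts, src) in zip(events, events[1:]):
            if src != prev_src and ts - prev_ts <= window:
                flagged.append({"device": device, "app": app, "source": src,
                                "follows": prev_src,
                                "gap_s": (ts - prev_ts).total_seconds()})
    return flagged

def source_shadow_rates(clicks, window=timedelta(seconds=5)):
    """Share of each source's clicks that immediately follow another
    source's click. A high share marks a source worth investigating."""
    totals, shadows = defaultdict(int), defaultdict(int)
    for _, _, source, _ in clicks:
        totals[source] += 1
    for hit in find_shadow_clicks(clicks, window):
        shadows[hit["source"]] += 1
    return {s: shadows[s] / totals[s] for s in totals}

if __name__ == "__main__":
    for hit in find_shadow_clicks(CLICKS):
        print(hit)
    print(source_shadow_rates(CLICKS))
```

A single close pair of clicks can be coincidence; the per-source rate is what separates a source that repeatedly lands the last click seconds after someone else's from ordinary traffic.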

Use an MMP

MMPs such as Airbridge provide fraud detection and protection services that prevent your app from experiencing malware attacks like click hijacking. With Airbridge, you can personalize your fraud protection rules to align them with your business’s needs and safety regulations.
