CUHK Faculty of Engineering Develops Browser-based Analysis Framework ObserverDetecting Malicious Click Interception and Mitigating Web Security Threat
To address this research gap, Professor Wei Meng and his Ph.D. student Mingxue Zhang of the Department of Computer Science and Engineering developed an analysis framework – Observer based on the Google Chromium browser, to systematically record and analyse various click interceptions on the Web. Using Observer, they analysed Alexa top 250K websites, and detected 437 third-party scripts that intercept user clicks on 613 popular websites, which in total receive around 43 million visits on a daily basis. In particular, though click interception, these scripts could trick users into visiting 3,251 untrusted unique uniform resource locators (URLs) controlled by third parties. Over 36% of them were related to online advertising. Further, some click interception URLs led users to malicious content such as scamwares. This demonstrates that click interception has become an emerging threat to web users.
The research identified three categories of click interception techniques: (1) modifying the destination URL of hyperlinks to lead users to malicious websites upon clicks; (2) adding click event listeners to manipulate user clicks; (3) visual deception, for example, by creating web content that is visually similar to first-party content, or displaying transparent elements on top of the web page. The former will trick users into clicking third-party element, and the latter enables the transparent elements to capture all user clicks on first-party content. Consequently, the users can be led to a page controlled by the attackers.