1. Introduction
Double Clickjacking is a recent variant of classic Clickjacking that adds a timing element. Instead of hijacking a single click, the attacker exploits the short gap inside a double-click: the first click lands on a harmless decoy, the content under the cursor is swapped during the gap, and the second click lands on a sensitive control the victim never intended to press. The consequences are the same as with any click hijacking: a payment confirmed, a subscription taken out, a post published in the victim's name.
2. What is Clickjacking?
Clickjacking is an attack in which the attacker places the real control (typically a page from the target site loaded in a transparent iframe) underneath or on top of a harmless-looking interface. The victim believes they are clicking a regular button, but the click is delivered to a different control.
Example of classic Clickjacking: 🔹 A user clicks a "Get Discount" button but is actually confirming a payment or publishing a post on a social network.
Clickjacking techniques:
✔ Overlaying content with an iframe
✔ Transparent elements hiding the real buttons
✔ Manipulations with CSS and JavaScript (opacity, z-index, positioning)
3. What is Double Clickjacking?
Double Clickjacking is an extension of Clickjacking that uses the two clicks of a double-click to deceive the victim: the first click is harmless, the second one is hijacked.
How Does It Work?
🔹 First Click — The user clicks on a harmless element (e.g., "Read More") that the attacker controls.
🔹 Second Click — In the gap between the two clicks (a few hundred milliseconds at most) the content under the cursor is replaced, and the second click performs an unintended action on the real target.
Differences from regular Clickjacking:
✔ Classic Clickjacking needs one click; the decoy and the hidden control are both in place before the victim clicks.
✔ Double Clickjacking needs two clicks; the sensitive control is put under the cursor only after the first click, so nothing sensitive is on screen when the victim decides to click.
✔ The swap has to happen inside the double-click gap (roughly 100–500 ms), too short for the victim to notice.
✔ The target site receives only the second click, so from the click alone it cannot tell that a decoy was involved.
4. Mechanism of Double Clickjacking
4.1. First Click — Building Trust
📌 The victim clicks a benign UI element ("Read More", "Confirm", etc.) that is entirely under the attacker's control.
📌 Visually nothing changes yet, but the first mousedown starts the timer for the swap.
4.2. Second Click — Content Replacement
📌 In the gap between the two clicks, a script swaps what sits under the cursor: it removes the decoy, reveals the hidden control, or switches the window's content.
📌 The victim's second click lands on the replaced element.
Example of an attack:
1️⃣ You visit a website offering a discount.
2️⃣ You click "Get Bonus".
3️⃣ Between your two clicks, the button is replaced by "Confirm Payment".
4️⃣ Your second click lands on it, and the money goes to the attacker.
+-------------------------------------------------+
| (1) "Bait" (visible button)                     |
| The user sees a button:                         |
| [ Click here to claim your gift! ]              |
+-------------------------------------------------+
                 | click
                 v
+-------------------------------------------------+
| (2) Hidden frame (iframe)                       |
| At the click position an invisible button       |
| [ Confirm Action ] belongs to the real          |
| Target Service page                             |
+-------------------------------------------------+
                 | first click triggers confirmation
                 v
+-------------------------------------------------+
| (3) Second stage                                |
| Another layer/button appears:                   |
| [ Press OK to complete ]                        |
| In reality this is [ OK ] in a payment form     |
+-------------------------------------------------+
                 | second click
                 v
+-------------------------------------------------+
| (4) Result                                      |
| The action is executed on the Target Service,   |
| e.g. a money transfer, like or subscription.    |
+-------------------------------------------------+
5. How Do Attackers Implement Double Clickjacking?
5.1. iframe attacks
📌 A malicious site loads the target page in an invisible iframe positioned under the decoy and moves or reveals it after the first click. A variant that needs no iframe at all opens the target page in a separate window or tab and, on the first mousedown, closes or navigates the decoy window so that the second click lands on the target's own button; because nothing is framed, frame-busting does not stop this variant.
5.2. JavaScript Manipulations
📌 A handler on the first mousedown uses setTimeout() to swap the control a few hundred milliseconds later, inside the double-click gap:
document.getElementById("button").addEventListener("mousedown", () => {
  setTimeout(() => {
    document.getElementById("button").innerText = "Confirm Payment";
  }, 200); // fires between the two clicks of a double-click
});
5.3. CSS Hacks
📌 Hidden buttons become visible after the first click: a script adds the clicked class to the container on the first mousedown, and the stylesheet does the rest:
.hidden { display: none; }          /* real control, hidden before the first click */
.clicked .hidden { display: block; } /* revealed in time for the second click */
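The timing that sections 4 and 5 describe can be checked without a browser. The simulation below is an added example and not code from the original article: a Page holds a stack of clickable layers and a simulated clock, the attacker's mousedown handler schedules the swap exactly as the setTimeout() snippet above does, and a recorded human double-click is replayed over it. Layer names, sizes, event timings, the hit-test rules and the simplified click model (a click fires only where both mousedown and mouseup landed) are assumptions made for this example.

```javascript
// Added example (not from the original article): a browser-free simulation of the
// timing that Double Clickjacking relies on. A Page holds a stack of clickable
// layers and a simulated clock; the attacker's script swaps what sits under the
// cursor between the two clicks of a single double-click. Names, sizes, timings
// and the click model are assumptions chosen for this example.

class Page {
  constructor() {
    this.layers = [];   // drawing order: last entry is on top
    this.timers = [];   // { at, fn } scheduled through this.setTimeout
    this.now = 0;       // simulated clock, milliseconds
    this.lastDown = null;
    this.log = [];
  }
  add(layer) { this.layers.push(layer); }
  remove(layer) { this.layers = this.layers.filter((l) => l !== layer); }
  // Same contract as window.setTimeout, but driven by the simulated clock.
  setTimeout(fn, ms) { this.timers.push({ at: this.now + ms, fn }); }
  // Hit test: the topmost visible layer that covers (x, y).
  hit(x, y) {
    for (let i = this.layers.length - 1; i >= 0; i--) {
      const l = this.layers[i];
      if (l.visible && x >= l.x && x < l.x + l.w && y >= l.y && y < l.y + l.h) return l;
    }
    return null;
  }
  // Run every timer due by time t, in order, then move the clock to t.
  advanceTo(t) {
    const due = this.timers.filter((tm) => tm.at <= t).sort((a, b) => a.at - b.at);
    this.timers = this.timers.filter((tm) => tm.at > t);
    for (const tm of due) { this.now = tm.at; tm.fn(); }
    this.now = t;
  }
  // Deliver a mouse event at time t and position (x, y); returns the layer it hit.
  dispatch(type, t, x, y) {
    this.advanceTo(t);
    let target = this.hit(x, y);
    if (type === "mousedown") this.lastDown = target;
    // Browsers fire click only where both mousedown and mouseup landed.
    if (type === "click" && target !== this.lastDown) target = null;
    this.log.push(`${t} ms ${type} -> ${target ? target.name : "nothing"}`);
    if (target && target.on[type]) target.on[type]();
    return target;
  }
}

// One human double-click as a browser sees it: mousedown/mouseup/click twice.
// The default double-click interval in common browsers is about 500 ms, so the
// second press typically lands 100-200 ms after the first release.
const DOUBLE_CLICK = [
  ["mousedown", 0], ["mouseup", 70], ["click", 70],
  ["mousedown", 160], ["mouseup", 230], ["click", 230],
];

// Build the attacker's page and replay the double-click; swapDelayMs is how long
// after the first mousedown the attacker swaps the decoy for the real control.
function runAttack(swapDelayMs) {
  const page = new Page();
  const confirm = { name: "target: Confirm Payment", x: 0, y: 0, w: 200, h: 40, visible: false, on: {} };
  const bait = { name: "bait: Claim your gift!", x: 0, y: 0, w: 200, h: 40, visible: true, on: {} };
  page.add(confirm);   // sensitive control, hidden underneath
  page.add(bait);      // decoy on top, same position and size
  bait.on.mousedown = () => {
    // Attacker script: arm the swap on the FIRST press so that it fires in the
    // gap before the second press.
    page.setTimeout(() => { page.remove(bait); confirm.visible = true; }, swapDelayMs);
  };
  const targets = DOUBLE_CLICK.map(([type, t]) => page.dispatch(type, t, 100, 20));
  const clicks = targets
    .filter((_, i) => DOUBLE_CLICK[i][0] === "click")
    .map((l) => (l ? l.name : "nothing"));
  return { clicks, log: page.log };
}

console.log(runAttack(100).log.join("\n"));
```

With a 100 ms delay the first click hits the bait and the second hits "Confirm Payment"; with a delay longer than the gap (say 1000 ms) both clicks hit the bait and the attack fails; with a delay shorter than the first press-release (say 30 ms) the first click is broken and the victim may notice. The window-based variant described in 5.1 works on the same timing, only the "swap" there is closing the decoy window over the already-loaded target page.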
6. How to Protect Against Double Clickjacking?
6.1. HTTP Protection
🔒 Send X-Frame-Options: DENY (or SAMEORIGIN) and Content-Security-Policy: frame-ancestors 'none' on every page that hosts a sensitive action. This stops the iframe-based variant. It does not stop the variant that opens your page in its own window, so headers alone are not sufficient.
6.2. JavaScript Protection
📌 Block a second click that arrives inside the double-click interval. The counter must be declared, otherwise the handler throws on the first click in strict mode, and the listener has to run in the capture phase and stop propagation, otherwise the button's own handler still fires:
let lastClickTime = 0;
document.addEventListener('click', function(event) {
  if (Date.now() - lastClickTime < 500) {   // inside the double-click interval
    alert("Suspicious behavior!");
    event.preventDefault();
    event.stopImmediatePropagation();        // keep the click from the button's handler
  }
  lastClickTime = Date.now();
}, true);                                    // capture phase: runs before other listeners
This check only sees clicks that reach your own page. When the victim's first click happened in the attacker's window, your page receives a single click, so a timing check on its own is not enough: additionally keep sensitive buttons disabled until a deliberate gesture on your page (mouse movement or a key press) has occurred.
6.3. UI Change Monitoring
📌 Use a MutationObserver on sensitive controls to catch a label or attribute change that happens right after a mousedown, and disable the control until the user makes a deliberate gesture again. It only observes the page it runs in: a decoy living on the attacker's site is out of its reach.
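The checks from 6.2 and 6.3 can be combined into one guard around a sensitive button. The code below is an added example, not code from the original article: the decision logic is free of DOM calls so it runs and can be tested outside a browser, and the browser wiring at the end (mouse movement or a key press arms the button, a focus change or a label change disarms it, a too-quick second click is dropped) only runs when a document exists. The element id confirm-payment, the 500 ms thresholds and the injected clock are assumptions made for this example.

```javascript
// Added example (not from the original article): a guard for a sensitive button
// that refuses a click which could be the second half of a double-click started
// on another page or window. Names, thresholds, the element id and the fake
// clock are assumptions made for this example.

class SensitiveActionGuard {
  constructor({ now = () => Date.now(), focusDelayMs = 500, doubleClickMs = 500 } = {}) {
    this.now = now;                   // injectable clock, milliseconds
    this.focusDelayMs = focusDelayMs; // a click this soon after focus is refused
    this.doubleClickMs = doubleClickMs;
    this.shownAt = now();             // when the control was (re)rendered
    this.focusedAt = now();           // when the window last gained focus
    this.gestureAt = null;            // last deliberate gesture after shownAt
    this.lastClick = null;            // previous click, accepted or not
  }
  // The control was rendered, or its label changed: disarm it again.
  shown() { this.shownAt = this.now(); this.gestureAt = null; }
  // The window just gained focus or became visible.
  focused() { this.focusedAt = this.now(); }
  // A deliberate gesture on this page: mouse movement or a key press.
  gesture() { this.gestureAt = this.now(); }
  armed() { return this.gestureAt !== null && this.gestureAt >= this.shownAt; }
  // Evaluate a click. Returns { ok: true } or { ok: false, reason }.
  click() {
    const t = this.now();
    const prev = this.lastClick;
    this.lastClick = t;
    if (!this.armed()) {
      return { ok: false, reason: "no mouse movement or key press since the control was shown" };
    }
    if (t - this.focusedAt < this.focusDelayMs) {
      return { ok: false, reason: "window gained focus less than " + this.focusDelayMs + " ms ago" };
    }
    if (prev !== null && t - prev < this.doubleClickMs) {
      return { ok: false, reason: "second click inside the double-click interval" };
    }
    return { ok: true };
  }
}

// Browser wiring; skipped when there is no DOM (for example under Node).
function protectButton(button, guard = new SensitiveActionGuard()) {
  const disarm = () => { guard.shown(); button.disabled = true; };
  const arm = () => { guard.gesture(); button.disabled = false; };
  disarm();
  // Only a gesture that is not itself a click re-enables the control.
  document.addEventListener("mousemove", arm);
  document.addEventListener("keydown", arm);
  window.addEventListener("focus", () => guard.focused());
  document.addEventListener("visibilitychange", () => {
    if (document.visibilityState === "visible") guard.focused();
  });
  // A label change right under the cursor means the control is "new" again.
  // (attributes are deliberately not observed: toggling disabled would loop.)
  new MutationObserver(disarm).observe(button, {
    characterData: true, childList: true, subtree: true,
  });
  button.addEventListener("click", (ev) => {
    const verdict = guard.click();
    if (!verdict.ok) {
      ev.preventDefault();
      ev.stopImmediatePropagation();
      console.warn("click refused: " + verdict.reason);
    }
  }, true); // capture phase: runs before the page's own click handlers
  return guard;
}

if (typeof document !== "undefined") {
  const btn = document.getElementById("confirm-payment"); // assumed element id
  if (btn) protectButton(btn);
}
```

The first check is the one that matters for the window-based variant: during a double-click the mouse does not move, so a page that has just been focused and never saw a mousemove or keydown of its own refuses the click. The focus-delay and double-click-interval checks cover the same-page swap described in section 5.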
6.4. User-Side Protection
✔ Install NoScript (or an equivalent) and block suspicious iframes and pop-up windows.
✔ Be cautious if a site asks you to double-click a button, especially when the second click opens or brings up a different window.
7. Conclusion
Double Clickjacking combines a technical trick (a swap timed inside a double-click) with behavioural manipulation (a prompt that invites the second click). Because nothing sensitive is on screen when the victim decides to click, it is harder to spot than regular Clickjacking, and frame-based defences cover only the iframe variant, so protection must be multi-layered.
💡 How to Protect Yourself?
✅ Implement server-side security headers
✅ Use JavaScript filters and change observers
✅ Be cautious of websites that require double confirmation
🛑 Never double-click without thinking!

Double Clickjacking: A New Level of Click Hijacking