(also UI redress attack)
An attack in which an attacker uses multiple layers, either transparent or opaque, to trick a user into clicking a button or link on a lower-level website when they intend to click on the top-level page. The attacker is “hijacking” clicks and redirecting them to another site belonging to a different app or domain, while performing malicious operations. This allows the attacker to take full control of a person’s computer.
The same method can be used to steal keystrokes. A user can be tricked into entering their email or banking account password into an invisible frame managed by an attacker using a carefully prepared combination of iframes, stylesheets, and text boxes. In 2002 it was discovered that a transparent layer could be loaded on top of a website and made responsive to the user’s actions without drawing their attention. However, before 2008, this was not recognized as a serious problem.